Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, explains how LiveJournal failed to meet even the most basic cybersecurity requirements, leading to a massive data breach…
How user credentials from LiveJournal wound up on the Dark Web
May 28, 2020
“The LiveJournal is a case study in security failure from start to finish. The breach has been well known since late 2018 and the dataset suggests it began 4 years earlier in 2014. Even worse, LiveJournal apparently didn’t follow even the most basic security best practices such as securely hashing users’ passwords. This put their users at enormous risk of immediate compromise should there ever be a problem that exposed the LiveJournal database. Attackers can use the cleartext passwords to log in directly to the compromised user’s account and try the same password on other services as often people will reuse the same password for many or all their accounts.
The worst failure, however, is that LiveJournal is still either unaware or willfully ignorant of the breach and has left its users at risk by failing to notify them or encouraging them to change their passwords. This is completely inexcusable behavior for any organization that is entrusted with data from users. Unless LiveJournal provides a prompt response to this breach and transparent accounting of how it is now conforming to security best practices, I’d encourage any LiveJournal users to abandon the service.”
Click Here To Read The Full Story…