[conspire] (forw) You're one of 26,372,781 people pwned in the LiveJournal data breach

Rick Moen rick at linuxmafia.com
Tue May 26 16:23:03 PDT 2020

Oh noes!  The bad people found out in January 2017 one or more of the
following data items:   my e-mail address, the username ('rinolj') I
used in the past on LiveJournal, and the password I (uniquely) used on
LiveJournal (and changed anyway).

Lucky for me, the bad guys never cracked the stored user-birthday
information on LiveJournal, because then they'd know that my birthday 
is February 30th, and I can't have that happen.

(Input validation:  It's a thing.)

This is all by way of a gentle reminder that you (yes, you) should find
a way to use unique-per-site authentication tokens (e.g., passwords), so 
you can cease using the same ones across multiple sites.  Whatever
method (within reason) you find for doing so is probably an improvement.

According to comments on https://news.ycombinator.com/item?id=20426997, 
LiveJournal stored passwords in a functional near-equivalent of plaintext
storage format (well, a super-weak digest method, anyway: md5 hashes).
Some undisclosed entry method permitted snagging some or all of the
password database contents, and then presumably a long password-cracking
session followed.

----- Forwarded message from Have I Been Pwned <noreply at haveibeenpwned.com> -----

Date: Tue, 26 May 2020 22:30:18 +0000 (UTC)
From: Have I Been Pwned <noreply at haveibeenpwned.com>
To: rick at linuxmafia.com
Subject: You're one of 26,372,781 people pwned in the LiveJournal data breach

You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened.

You're one of 26,372,781 people who've had an account compromised in the LiveJournal hack of Jan 2017, the details of which you can read about here: https://haveibeenpwned.com/PwnedWebsites#LiveJournal

The data disclosed in the breach includes: Email addresses, Passwords, Usernames

Monitoring Have I Been Pwned for data breaches is a great start, now try these next 2 steps to protect all your accounts:

Step 1: Protect yourself with strong, unique passwords for each website with the 1Password password manager: https://1password.com/
Step 2: Enable 2 factor authentication and store the codes inside your 1Password account

You can also run a search for breaches of your email address again at any time to get a complete list of sites where your account has been compromised: https://haveibeenpwned.com/Verify/[hash redacted]

Why are you only hearing about this now? Whilst the breach occurred in January 2017, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly. Have I Been Pwned will always attempt to alert you ASAP, it's just a question of how readily available the data is.

Please note that it is not possible to retrieve the passwords themselves from HIBP: https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/

If you don't want to receive any future breach notifications, just click here to unsubscribe: https://haveibeenpwned.com/Unsubscribe/[hash redacted]

----- End forwarded message -----
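
An added example, not part of the original message or the forwarded notice: why unsalted MD5 storage is close to plaintext, shown beside a salted, slow alternative. The accounts, function names, and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not from the breach); two share a password.
USERS = {"alice": "correct horse", "bob": "hunter2", "carol": "hunter2"}

def md5_record(password):
    """Unsalted MD5 hex digest, the storage style the comments describe."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def kdf_record(password, salt=b"", iterations=600_000):
    """Per-user random salt plus PBKDF2-HMAC-SHA256 (swapped-in alternative)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return salt, digest

def kdf_verify(password, record, iterations=600_000):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = kdf_record(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)

def shared_groups(table):
    """Return sorted groups of usernames whose stored values are identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def demo():
    """Build both tables and report which accounts visibly share a password."""
    md5_table = {u: md5_record(p) for u, p in USERS.items()}
    kdf_table = {u: kdf_record(p) for u, p in USERS.items()}
    return shared_groups(md5_table), shared_groups(kdf_table), kdf_table

if __name__ == "__main__":
    md5_groups, kdf_groups, _ = demo()
    print("identical stored values, unsalted MD5:", md5_groups)
    print("identical stored values, salted PBKDF2:", kdf_groups)
```

With unsalted MD5, equal passwords produce equal stored values, so one recovered password exposes every account that shares it; per-user salts remove that link and the iteration count makes each guess expensive.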
