26 million LiveJournal credentials for sale on dark web

Plus, an extortion scheme, a cryptomining campaign, and some new stats on telecommuters

Rumors that a massive LiveJournal hack occurred several years ago were proven true this week as 26 million stolen credentials from the popular online journaling platform went up for sale on the dark web. ZDNet reported that rumors of the hack have been circulating since 2018 when users began seeing their LiveJournal passwords show up in targeted sextortion schemes. Then, this week, attackers used old LiveJournal credentials to launch credential-stuffing attacks at LiveJournal offshoot Dreamwidth. Despite this likely evidence, however, LiveJournal parent company Rambler Group still has not confirmed a breach.

Outside security researchers investigating the issue believe that LiveJournal was hacked in 2014, after which cybercriminals privately traded the stolen data, which included over 26 million username/password combinations. After several years of trading, the data began to leak online. It grew more and more broadly available, soon selling for as low as $35, and ultimately becoming a free download. LiveJournal users who have not changed their passwords since 2014 should do so as soon as possible. 

With most people keeping dozens of online accounts these days, it’s likely that at least some of them will end up compromised. Avast security evangelist Luis Corrons offered a simple strategy to mitigate the risk: “Don't reuse passwords, and use a password manager to create strong credentials,” he said, adding that whenever possible, one should always enable two-factor authentication. However, Corrons cautions, employing these tactics doesn’t preclude rule out other security risks: Anyone with an email address can still be the target of other types of digital threats such as sextortion scams.

Remote Workforce Report gauges telecommuting success

Researchers conducted an online survey this month, polling 413 IT and cybersecurity professionals from various U.S. companies about their remote workforce migrations. Prior to the COVID crisis, 63% of the organizations had 25% of their employees working remotely. Now, however, 75% of those surveyed claim to have 75% of their staff working from home. Security is still the main issue for remote workers, as 70% of the companies admitted that they were either moderately prepared for the shift or not prepared at all. Yet even as companies struggle to scale up their security, 84% say they are “somewhat likely” to continue with the telecommuting trend after the crisis passes, and 44% are “very likely” to continue. Read more results at TechRepublic

This week’s quote tweet

“Republicans feel that Social Media Platforms totally silence conservatives [sic] voices. We will strongly regulate, or close them down, before we can ever allow this to happen.”

U.S. President Donald Trump, after Twitter began tagging some of his posts with a fact-check warning this week. More at Business Insider

Hacker steals data and extorts online shops

An attacker is stealing customer records from online shops and demanding a ransom payment, threatening to sell the data if the victims do not pay .06 bitcoin ($525) within 10 days. Bitcoin wallets used by the attacker recorded more than 100 transactions in recent weeks and contain over $51,000 combined. While some victims seem to be paying, the hacker has put over 1.5 million rows of records for sale on a public website, including names, emails, home addresses, hashed passwords, birthdates, and more. Bleeping Computer reported that most of the listed databases come from online shops based in Germany, with others hailing from Brazil, Italy, India, Spain, Belarus, and the U.S.

Blue Mockingbird attacks enterprises with cryptominer

A hacking group known as Blue Mockingbird is believed to have been injecting thousands of enterprises with a cryptocurrency mining malware since December 2019. The group targets enterprises that use apps with a Telerik framework in order to exploit a hard-to-patch vulnerability in the Telerik UI component. Even if the app in question is updated, the Telerik component embedded within that app may be old and exploitable. “This confusion has been ruthlessly exploited by attacks over the past year, ever since details about the vulnerability became public,” reported ZDNet

This week’s stat

305,000

The number of Paycheck Protection Program applications that could be involved in a data breach affecting Bank of America clients. Read more here

Arbonne data breach exposes thousands 

In a notification filed with the Office of the Attorney General in California, multi-level marketing company Arbonne International reported a data breach that affected about 3,500 California residents. Arbonne said it discovered the breach on April 20, 2020, when unusual activity on its servers may have been caused by a hacker gaining unauthorized access to customer names, home addresses, usernames, and passwords. In its communication to affected customers, Arbonne said that it has not found evidence that any payment card numbers or Social Security numbers were accessed. 

This week’s ‘must-read’ on The Avast Blog

With 2020 being an election year in the U.S., it’s a good time to learn how political candidates in the 2018 midterm elections used online tracing on their websites and what that means for privacy. 


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.

Related articles

--> -->