![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(Got this from "Have I Been Pwned?" today. I've been signed up with "Have I
Been Pwned?" for maybe 4-5 years now. If you tend to use the same passwords on your DW as your LJ, then CHECK YOUR LJ &/OR DW ACCOUNTS now & change those passwords!!
--v)
---------- Forwarded message ---------
From: Have I Been Pwned <noreply@haveibeenpwned.com>
Date: Tue, May 26, 2020, 17:32
Subject: You're one of 26,372,781 people pwned in the LiveJournal data
breach
https://haveibeenpwned.com/
You've been pwned!
You signed up for notifications when your account was pwned in a data
breach and unfortunately, it's happened. Here's what's known about the
breach:
Breach: LiveJournal
Date of breach: 1 Jan 2017
Number of accounts: 26,372,781
Compromised data: Email addresses, Passwords, Usernames
Description: In mid-2019, news broke of an alleged LiveJournal data breach.
This followed multiple reports of credential abuse against Dreamwidth
beginning in 2018, a fork of LiveJournal with a significant crossover in user base.
The breach allegedly dates back to 2017 and contains 26M unique usernames and email
addresses (both of which have been confirmed to exist on LiveJournal)
alongside plain text passwords.
An archive of the data was subsequently shared on a popular hacking forum in May 2020 and redistributed broadly. The data was provided to HIBP by a source who requested it be attributed to "nano@databases.pw".
2 Steps to Better Password Security
Monitoring Have I Been Pwned for data breaches is a great start, now try
these next 2 steps to protect all your accounts:
Step 1: Protect yourself with strong, unique passwords for each website
with the 1Password password manager https://1password.com/haveibeenpwned/
Step 2: Enable 2 factor authentication and store the codes inside your
https://1password.com/haveibeenpwned/. You can also run a search for
breaches of your email address again at https://haveibeenpwned.com/.
Why are you only hearing about this now? Whilst the breach occurred in
January 2017, sometimes there can be a lengthy lead time of months or even
years before the data is disclosed publicly. Have I Been Pwned will always
attempt to alert you ASAP, it's just a question of how readily available
the data is.
Please note that it is not possible to retrieve the passwords themselves
from HIBP
https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/.
If you don't want to receive any future breach notifications, just click
here to unsubscribe
https://haveibeenpwned.com/Unsubscribe/12657edfc7bdbcced96224b7a02dcacf.
Donate to Have I Been Pwned
If you loved this free service and want to know what goes into making it
possible, have a read of the donations page
https://haveibeenpwned.com/Donate. Buy me a coffee or a beer or just some
time with the kids at a movie.
haveibeenpwned.com
A troyhunt.com https://www.troyhunt.com project
Been Pwned?" for maybe 4-5 years now. If you tend to use the same passwords on your DW as your LJ, then CHECK YOUR LJ &/OR DW ACCOUNTS now & change those passwords!!
--v)
---------- Forwarded message ---------
From: Have I Been Pwned <noreply@haveibeenpwned.com>
Date: Tue, May 26, 2020, 17:32
Subject: You're one of 26,372,781 people pwned in the LiveJournal data
breach
https://haveibeenpwned.com/
You've been pwned!
You signed up for notifications when your account was pwned in a data
breach and unfortunately, it's happened. Here's what's known about the
breach:
Breach: LiveJournal
Date of breach: 1 Jan 2017
Number of accounts: 26,372,781
Compromised data: Email addresses, Passwords, Usernames
Description: In mid-2019, news broke of an alleged LiveJournal data breach.
This followed multiple reports of credential abuse against Dreamwidth
beginning in 2018, a fork of LiveJournal with a significant crossover in user base.
The breach allegedly dates back to 2017 and contains 26M unique usernames and email
addresses (both of which have been confirmed to exist on LiveJournal)
alongside plain text passwords.
An archive of the data was subsequently shared on a popular hacking forum in May 2020 and redistributed broadly. The data was provided to HIBP by a source who requested it be attributed to "nano@databases.pw".
2 Steps to Better Password Security
Monitoring Have I Been Pwned for data breaches is a great start, now try
these next 2 steps to protect all your accounts:
Step 1: Protect yourself with strong, unique passwords for each website
with the 1Password password manager https://1password.com/haveibeenpwned/
Step 2: Enable 2 factor authentication and store the codes inside your
https://1password.com/haveibeenpwned/. You can also run a search for
breaches of your email address again at https://haveibeenpwned.com/.
Why are you only hearing about this now? Whilst the breach occurred in
January 2017, sometimes there can be a lengthy lead time of months or even
years before the data is disclosed publicly. Have I Been Pwned will always
attempt to alert you ASAP, it's just a question of how readily available
the data is.
Please note that it is not possible to retrieve the passwords themselves
from HIBP
https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/.
If you don't want to receive any future breach notifications, just click
here to unsubscribe
https://haveibeenpwned.com/Unsubscribe/12657edfc7bdbcced96224b7a02dcacf.
Donate to Have I Been Pwned
If you loved this free service and want to know what goes into making it
possible, have a read of the donations page
https://haveibeenpwned.com/Donate. Buy me a coffee or a beer or just some
time with the kids at a movie.
haveibeenpwned.com
A troyhunt.com https://www.troyhunt.com project