Do you have an account on LiveJournal?

If so, you may have heard the persistent rumors that have been circulating since 2014 that the company was breached and some 33 million user records were stolen.

To this day, LiveJournal denies that they were breached.

Unfortunately, this month (May, 2020), a database containing 33,717,787 records, each with a unique user record, has been found circulating free of charge on the Dark Web. The database contains usernames, email addresses and plain text passwords. Given this fact, despite what LiveJournal may claim, it seems that they were indeed breached.

If there’s a silver lining to be found here, it lies not with LiveJournal’s response, but with the fact that the database is more than six years old. Even if you have an account on the site, odds are excellent that you would have changed your password at some point in the intervening six years. Just to be safe, however, even if that’s the case, the safest course of action would be to change it again.

It’s also worth repeating that if you’re in the habit of using the same password across multiple web properties, and you recycled your LiveJournal password on some other website, you’ll need to reset those passwords as well. This would also be an excellent time to break yourself of that habit. Start using different passwords on every website you access and enable two-factor authentication protocols everywhere you can.

Sadly, LiveJournal’s response to the existence of the database has been to double down on their denial, but the evidence that a breach occurred seems overwhelming. The account information had to come from somewhere, after all, and the record count aligns almost perfectly with the persistent rumors. Even though this is an old breach, change your LiveJournal password right away, just to be safe.