I have seen pretty good evidence
that a bad actor has all the logins and password details from LiveJournal, including old, deactivated passwords and including accounts that have been deleted. Change your LJ password now.
If you use that password anywhere else, change it there too. A really nasty blackmail spammer has it, and I find it credible that
This isn't a series of lucky guess. This is inside information, either from someone at LJ sniffing passwords when you login or some serious breach of security from outside.
I probably should in fact delete my LJ. I am happier since I stopped posting here just over a year ago, and the number of friends I have left who post regularly here and not to DW or other blogs is so small I probably might as well just add the RSS to a feed reader. I think it's down to owlfish
. I do care about you three and I don't want to miss your locked posts, so eh, maybe I should stick around.
But anyway, it seemed worthwhile to post a warning.
|Date:||October 4th, 2018 12:43 am (UTC)|
5 hours after journal entry, 01:43 am (owlfish's time)
It doesn't hurt to change my password regardless, plus a good reminder that I haven't re-imported to DW at all recently. So those are all up-to-date again.
(There's no need to answer it particularly, but did you by any chance receive my email from 26 Sept? I used the email address you display on FB.)
|Date:||October 4th, 2018 08:22 am (UTC)|
13 hours after journal entry
Thanks for providing my first occasion to change a password since I adopted my current password generation and management system. I probably ought to have tested the rollover process before having to do it for a real compromise, but fortunately, it seems to have behaved as expected. :-)
(Passwords like this are generated automatically by my pw manager and don't pass through my brain or fingers on the way to login prompts, so I don't even know what my LJ password is, before or after the change. I hear that people have recently been sending spam with a password of the recipient's in the subject line so they know the spammer really knows something – in my case, if someone did that to me, I'd still have no idea if they were bluffing!)