Account Hijackings Force LiveJournal Changes
LiveJournal, an online community that boasts nearly 2 million active members, on Thursday announced sitewide changes for users logging into their accounts — changes prompted by a hacker group’s successful hijacking of potentially hundreds of thousands of user accounts.
In an alert posted to its user forum, LiveJournal said it was instituting new login procedures for users because “recent changes to a popular browser have enabled malicious users to potentially gain control of your account.” Company officials could not be immediately reached for comment. I also put in a query to Six Apart, which owns LiveJournal (and the service we use to produce this blog), but have yet to hear from them either.
LiveJournal’s stats page says the company has more than 9.2 million registered accounts, but that only 1.9 million of them are active in some way. The largest percentage of users are located in the United States and Russia.
“It is impossible to know how many of these are nonfunctional, but we have an 85% success rate on usage, so it may be fair to state that 85% of those are valid,” one member of Bantown told Security Fix. “However, we have only used approximately five hundred of these cookies so far, so it is impossible to tell whether this sample is statistically valid. Still, a massive number have been compromised.”