LiveJournal 2017 Data Breach

LiveJournal Blogging Platform Breach (2017, Disclosed 2020): 33 Million User Credentials Exposed and Used in Credential Attacks | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

SocialEmail AddressPasswordUsername
Low SeverityWebsite / service breach

LiveJournal Blogging Platform Breach (2017, Disclosed 2020): 33 Million User Credentials Exposed and Used in Credential Attacks

Blogging and social networking platform.

Verified by ObscureIQ Intelligence
23/100Breach Risk Index
5Data Value
25Market Recency
512dSince Breach

Breach Intelligence Summary

Entity: LiveJournal · Actor: Unknown · Sources: 9 references
Attack: Unknown
Profile: Platform · Blogging and social networking · Content publishing platform · Global
Timeline: Breach (2017-01-01) · Indexed (Dec 01, 2024) · Year (2017)
Exposure: 33.7M records · 3 fields: Email Address, Password, Username
Status: Confirmed

Executive Summary

LiveJournal, the blogging and social networking platform operated by Russian media company SUP Media, suffered a data breach dating to 2017 that exposed records for approximately 33.7 million users. The breach first attracted public attention in mid-2019, when credential stuffing attacks against Dreamwidth, a platform built on LiveJournal's codebase with a heavily overlapping user base, were traced back to stolen LiveJournal credentials. The full dataset was then shared on a hacking forum in May 2020 and redistributed widely. The exposed data included email addresses, usernames, and passwords stored in plaintext, meaning the passwords required no cracking and were immediately usable. This combination is particularly dangerous because many people reuse passwords across multiple services. For LiveJournal users specifically, the risk extends beyond account takeover: the platform hosted years of personal journals, private entries, and pseudonymous creative writing. Exposure of a username or email alongside a real identity could link individuals to content they wrote under a pseudonym, sometimes decades ago. SUP Media did not publicly acknowledge the breach or notify affected users. Russia has limited legal obligations around breach disclosure, and the company's operational focus on Russian-language markets meant few external accountability mechanisms applied. For affected users, the practical risks include unauthorized access to any account where the same password was reused, and potential identity linkage to historic pseudonymous activity on the platform. Anyone who used LiveJournal before 2017 should treat their credentials from that period as compromised and change any matching passwords on other services.

ObscureIQ assessment: Exposure creates password reuse and account takeover risk, but also deeper reputational and identity-linkage harm because historic posts, private writings, and pseudonymous activity may be tied back to real individuals.

Breach Impact

A breach of LiveJournal data dating to 2017 first came to public attention in 2019, when reports of credential stuffing attacks against Dreamwidth — a LiveJournal fork — were traced to credentials sourced from the dump. The full dataset of approximately 33.7 million records including email addresses, usernames, and plaintext passwords was broadly circulated on hacking forums in May 2020. LiveJournal's Russian parent company did not publicly acknowledge the breach or issue formal notifications to affected users — an outcome consistent with Russia's limited breach notification obligations and the platform's operational orientation toward Russian-language markets. The plaintext password storage meant the credentials were immediately usable for credential stuffing attacks on other platforms.

About LiveJournal

LiveJournal is a blogging and social networking platform founded in 1999 in the United States that became particularly influential in the early 2000s as a space for personal journals, fan communities, and creative writing. The platform was acquired by Russian media company SUP Media in 2007 and has since been operated primarily as a Russian-language service, though English-language communities remain active. The acquisition and subsequent policy changes drove significant user migration to other platforms, most notably Dreamwidth.

Why They Hold Your Data

Blogging and social publishing platforms collect emails, usernames, passwords, profile details, private messages, and long-form user-generated content tied to public and pseudonymous identity.

Recent Developments

LiveJournal continues to operate under Russian ownership. Its English-language user base has continued to decline as long-established communities migrated or went dormant. The platform has implemented content policies that drew criticism from LGBTQ+ users and communities, accelerating departures. LiveJournal's cultural relevance in Western markets is largely historical at this point.

Data Points Exposed

3 verified field types
Email Address
Password Critical
Username

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Credential stuffing & account takeover
  • Cross-platform tracking & credential stuffing

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the LiveJournal breach?

LiveJournal, the blogging and social networking platform operated by Russian media company SUP Media, suffered a data breach dating to 2017 that exposed records for approximately 33.7 million users. The breach first attracted public attention in mid-2019, when credential stuffing attacks against…

What data was exposed?

Verified fields include Email Address, Password, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
BreachForums_Official_Index
Independent catalogue listing
Cross-source
BreachNet.pw
Independent catalogue listing
Cross-source
LeakCheck.io
Independent catalogue listing
Cross-source
LeakCheck.net
Independent catalogue listing
Cross-source
leakfind
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation