LiveJournal Data Breach
LiveJournal Blogging Platform Breach (2017, Disclosed 2020): 33 Million User Credentials Exposed and Used in Credential Attacks
Blogging and social networking platform.
Risk Interpretation
Exposure creates password reuse and account takeover risk, but also deeper reputational and identity-linkage harm because historic posts, private writings, and pseudonymous activity may be tied back to real individuals.
Impact & Downstream Threats
A breach of LiveJournal data dating to 2017 first came to public attention in 2019, when reports of credential stuffing attacks against Dreamwidth — a LiveJournal fork — were traced to credentials sourced from the dump. The full dataset of approximately 33.7 million records including email addresses, usernames, and plaintext passwords was broadly circulated on hacking forums in May 2020. LiveJournal's Russian parent company did not publicly acknowledge the breach or issue formal notifications to
- Credential stuffing against reused passwords across other platforms
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
LiveJournal, the blogging and social networking platform operated by Russian media company SUP Media, suffered a data breach dating to 2017 that exposed records for approximately 33.7 million users. The breach first attracted public attention in mid-2019, when credential stuffing attacks against Dreamwidth, a platform built on LiveJournal's codebase with a heavily overlapping user base, were traced back to stolen LiveJournal credentials. The full dataset was then shared on a hacking forum in May 2020 and redistributed widely. The exposed data included email addresses, usernames, and passwords stored in plaintext, meaning the passwords required no cracking and were immediately usable. This combination is particularly dangerous because many people reuse passwords across multiple services. For LiveJournal users specifically, the risk extends beyond account takeover: the platform hosted years of personal journals, private entries, and pseudonymous creative writing. Exposure of a username or email alongside a real identity could link individuals to content they wrote under a pseudonym, sometimes decades ago. SUP Media did not publicly acknowledge the breach or notify affected users. Russia has limited legal obligations around breach disclosure, and the company's operational focus on Russian-language markets meant few external accountability mechanisms applied. For affected users, the practical risks include unauthorized access to any account where the same password was reused, and potential identity linkage to historic pseudonymous activity on the platform. Anyone who used LiveJournal before 2017 should treat their credentials from that period as compromised and change any matching passwords on other services.
About LiveJournal
LiveJournal is a blogging and social networking platform founded in 1999 in the United States that became particularly influential in the early 2000s as a space for personal journals, fan communities, and creative writing. The platform was acquired by Russian media company SUP Media in 2007 and has since been operated primarily as a Russian-language service, though English-language communities remain active. The acquisition and subsequent policy changes drove significant user migration to other platforms, most notably Dreamwidth.
Why They Hold Your Data
Blogging and social publishing platforms collect emails, usernames, passwords, profile details, private messages, and long-form user-generated content tied to public and pseudonymous identity.
Recent Developments
LiveJournal continues to operate under Russian ownership. Its English-language user base has continued to decline as long-established communities migrated or went dormant. The platform has implemented content policies that drew criticism from LGBTQ+ users and communities, accelerating departures. LiveJournal's cultural relevance in Western markets is largely historical at this point.
Data Points Exposed
Canonical Fields
email_address, password, username
Dark Web Verification
- Dataset containing ~33.7M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: livejournal.com-2017;LiveJournal Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of LiveJournal
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam