2y A total of 26,372,781 users’ credentials of Livejournal has been discovered for sale on the dark web. This has raised a serious concern as well as a confirmation as the authenticity of the data breach was earlier dismissed by the parent company, the Rambler. According to a data breach indexing service, Have I Been Pwned (HIBP), a copy of the database containing millions of Livejournal users' credentials was indexed on its website, establishing an undeniable confirmation of a data breach that was launched in 6 years ago. As claimed by researchers, Livejournal was hacked in 2014, and hackers made away with sensitive information of users including the usernames, emails, and plaintext passwords of their accounts. This was unknown by the site until a number of users started complaining of being targets of sextortion email spam campaigns with their old unique Livejournal passwords. These appeared online in as early as October 2018. However, it was treated as nothing other than a rumor. Interestingly, vendors on the dark web have been actively trading and selling the obtained credentials in the midst of all the “so-called” rumors. DreamWidth, another blogging platform that shares the same codebase and users with Livejournal, and was established from the latter has confirmed in a number of posts that hackers have attempted to get access to their account using the password combination and usernames of the Livejournal account. The credential stuffing attacks on DreamWidth was supposed to be enough evidence of a data breach on its related website. However, the Rambler Group denied the confirmation by the DreamWidth administrators concerning any form of a data breach on their website. The reason is unclear, but this was possibly done to save the company's reputation. In a bid to investigate the claims, ZDNet partnered a Threat Intelligence firm, Kela, to substantiate the existence of the database containing credentials of Livejournal users on the dark web. In their search, they discovered Livejournal users’ data on multiple locations on the dark web. The combined effort of ZDNET researchers and Kela led to the discovery of multiple Ads displayed by various vendors, and the willingness of both buyers and sellers to trade the Livejournal users data. The researchers also discovered that the threat actors might have traded the stolen database in private immediately after the 2014 data breach. This explains why affected users received spam emails as the data probably fell in the hands of brute-forcing botnets and spam groups. After some period of private trading, the data leaked online. In fact, WeLeakInfo, the defunct data breach indexing service claimed in July 2019 that they had obtained a copy of the Livejournal database. The database became commonly available as time went by, and some marketplaces even offered them as low as $35 as claimed by the researchers. The database was also shared on a popular hacking forum, file sharing portals, and various telegram channels for free downloads. The Rambler has however dismissed the announcement of (HIBP) on obtaining a copy of the Livejournal database. According to them, hackers have not accessed their system in any way, claiming that the circulating data were compiled over the years from different sources through malware infections and brute-force attacks. However, the fact that some users have been victims of scam campaigns call for the need for users to take the necessary step to halt any future impact. Users who use the same Livejournal account passwords on multiple platforms are highly at risk and must find it necessary to change them as soon as possible. Users who changed their passwords after the alleged breach are safe. DreamWidth has been battling a serious frequency credential stuffing attacks with the old Livejournal credentials. Hackers certainly use the same technique on different platforms. However, DreamWidth case is said to be visible due to the shared history with Livejournal. Credential stuffing attack is very common and has been used by hackers over the years to obtain the credentials of users. It is the automated injection of stolen usernames and passwords for fraudulent gain. Breached credentials are entered on a website until a match is found and uploaded on the dark web. It is a very effective account protection strategy to have the habit of frequently changing passwords to prevent third parties from accessing accounts with stolen passwords.