Why did I get an email about a Data Breach of LiveJournal?
The Queen’s IT Services Security team recently became aware of a publication of account details that were released publicly in May of 2020, related to a 2017 data breach of LiveJournal, an online community, a social network, and a place for self-expression. This event may have potentially affected multiple account holders here at Queen’s. As a precaution, Queen’s IT Services will expire the passwords of any Queen’s accounts found to be listed on the site of published accounts and who have not changed their passwords since June 20, 2019.
What should I do to protect myself?
If you received an email message from IT Services concerning the LiveJournal breach and have not changed your password since June 20, 2019 you will be sent additional emails from IT Services requesting you to change your password, prior to your password expiring. NetID passwords are changed at https://netid.queensu.ca/selfservice/login/auth
We also encourage you to take the following actions to better protect yourself and your information:

1. Do not reuse passwords across your accounts.


2. If you have used your Queen’s password on multiple sites, we strongly encourage you to change that password on every other site where it has been used.


3. Be extra diligent of scams that may reference your account.

What data was published?
An extensive amount of personal information, dating back to 2017 that contained 26M unique usernames and email addresses (both of which have been confirmed to exist on LiveJournal) alongside plain text passwords. An archive of the data was subsequently shared on a popular hacking forum in May 2020 and redistributed broadly.
Why is Queen’s expiring passwords for accounts that had information published?
Queen’s account holders who fail to follow safe password practices are at risk when breaches like this occur. To protect your Queen’s account IT Services are taking this action to prevent account compromises by ensuring all accounts associated with the breach have refreshed passwords since June 20, 2020.
What caused the data breach?
We have no direct information about the cause of the breach. IT Services obtain breach information from several services, including “Have I Been Pwned?”. Visiting the website https://haveibeenpwned.com/ will allow you to enter and check your Queen’s University email address against all publicized breaches that reference your Queen’s email address.