PSA: Livejournal security bug
Oct. 27th, 2011 05:58 pm
There seems to be a privacy breach on LJ whereby people have been given access to other people's private/locked entries: http://boundbooks.dreamwidth.org/100381.html It appears from the stuff linked there that it's ongoing, but I don't know how widespread it is. I also don't know if an attacker could somehow exploit this to gain access to an account they wish to spy on or if it's just (as seems at the moment) random people getting logged into random wrong journals.
You can see when anyone (hopefully you or an application you've authorised!) logged into your account at http://www.livejournal.com/manage/logins.bml - I don't know for sure that these mis-logins will be shown there, but people seem to be suggesting it might be useful. ETA: pne says that this is unlikely to be the case.
I haven't seen any workrounds to protect locked entries from this bug; I know some people have temporarily deleted their LJ accounts. I'm not doing that unless it becomes clear that it can be deliberately exploited (and that anyone who gains access can't just hit the undelete button), but then I don't have much in my locked entries that'd be disastrous if it became public.
no subject
Date: 2011-10-28 09:19 pm (UTC)