There's been a round of journal hacking on LJ recently. Many victims (probably not all, but many) get caught out because they've got a Hotmail e-mail account associated with their LJ account, but the Hotmail account has gone unused for some time. After a while, Hotmail will purge the account... and recycle the username. What this means is that someone can go create a new Hotmail account with the same name as your old one, then tell LJ to send them a password reset for that account. The password reset will go to the Hotmail account that they now control, and they can use it to change your password and take over your journal. They often then wipe out your entire journal history and replace it with a link to another site; if your friends follow it, they'll often find that it's infected with viruses, malware or spyware.
This sucks. And it's becoming increasingly widespread; a couple friends and acquaintances have now been hit.
Some things to do to protect yourself:
1. Go to the E-mail Management page on LJ and make sure that all of the addresses there are current and under your control. If need be, log into the e-mail accounts just to make sure they're still yours. (Hotmail is the only one I know for sure has this problem, but it would not shock me to learn that, e.g., Yahoo does the same thing. Better safe than sorry.) Remove any that you no longer control or aren't sure about; the page should only list e-mail addresses you are now using.
2. Set a secret question. The person requesting a password reminder will have to answer this secret question before the password reset will be sent to them. That way, even if they've got your e-mail, they may not be able to get the reset.
3. Use a strong password. While the hackings I know of were mostly all the Hotmail e-mail address hack, it's still a good idea to make sure that your password isn't easily guessable.
4. Back up your journal. For a lot of people, the worst thing about losing the journal is that the hackers delete everything. That's years and years of personal information, poof, gone; even if they regain control of the account, it may not be recoverable. A journal backup means that even if your LJ is gone forever, you still have all your posts/comments/etc. If you're on Windows, you can do this one of two ways -- using LJArchive, which creates a local copy that can't be re-uploaded to LJ but that preserves all of your info (including comments) and can be exported as HTML, or using LJSec to create a mirror to another LJ-architecture site (like InsaneJournal, Journalfen, etc), which doesn't preserve comments but does allow for re-uploading. More info on both methods is at brown_betty's LJ backup guide. I've used both of those methods successfully myself. If you're on something other than Windows, I've heard good things about LJBook (which creates a PDF) and LJDump (a Python script), but have not used them myself.
Important Note: Many hacked journals have their content replaced by a pointer to a new website. This website is often a trap, laden with viruses, malware, etc. If you see someone post something that looks odd or suspicious -- especially if it's 'I'm leaving LJ and going elsewhere!' or 'check out my new journal!' -- hover over those links and see if they actually point you where they say they point you. Don't click 'em unless they check out. Communities can be hacked, too, so if you see something like this on a comm, be suspicious of that, too.
EDIT: I've successfully used both LJArchive and LJ-Sec myself, so if you have any questions about them, I may be able to answer them.