LiveJournal Accounts Hijacked Due to XSS Holes

According to a blog entry, a group of hackers known as “Bantown” has hacked “900,000 LJ accounts” to demonstrate that LiveJournal (LJ) is susceptible to cross-site scripting (XSS) through JavaScript. As an LJ user, I find this troubling. While LJ claims that these holes were plugged, Bantown claims that several holes are still unplugged.

One of LJ’s solutions is to use a new user subdomain.

LJ users: either keep a backup blog (try Blogspot or WordPress.com) or back up your entries. As for how to back up your entries: frankly, the only way I know is copy-paste. Also, Multiply has a feature that lets you import your LJ blog into your Multiply blog (if you have an account).

The blog entry is here. Said link is also quoted at the LJ Infosec community.