LiveStream tells users to reset passwords, after possible data breach

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

LiveStreamVideo live streaming platform LiveStream is warning customers that account information, including names, dates of birth, phone numbers, email addresses and encrypted passwords may have been accessed by unauthorised party.

In an email sent out to customers, the company explained that it is requiring all users to reset their passwords:

We recently discovered that an unauthorized person may have accessed our customer accounts database. While we are still investigating the full scope of the incident, it is possible that some of your account information may have been accessed. This may include name, email address, an encrypted version of your password, and if you provided it to us, date of birth and/or phone number. We do not store credit card or other payment information. We have no indication that the encrypted passwords have been decoded, but in an abundance of caution, we are requiring all users to reset their passwords.

Livestream advisory

Sign up to our free newsletter.
Security news, advice, and tips.

No details have been shared at this point regarding how LiveStream was encrypting the passwords, and whether they are actually talking about password hashes and if any salting was in play. (Don’t understand all this salting and hashing stuff when it comes to password encryption? Watch this video).

Obviously it would be wise to ensure that you are not reusing your LiveStream password anywhere else on the net. Password reuse is perhaps the biggest problem with passwords – worse than choosing easy-to-guess passwords.

If you do make the mistake of reusing passwords, you are running the risk of having your password compromised in one place (perhaps via a phishing attack or key logger) and then hackers using it to unlock your other online accounts.

If you find passwords a burden – simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.

Even if passwords have not been cracked, there remains the potential for anyone who has accessed LiveStream’s customer database to use it to send spam emails and phishing campaigns – so please be on your guard.

When I logged into my LiveStream account I was disappointed to find no warning of a potential security breach and that I wasn’t being forced to reset my password. Instead, I had to go into my account settings to reset it.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

4 comments on “LiveStream tells users to reset passwords, after possible data breach”

  1. Crewmax42

    I don't use Livestream, yet I got the e-mail. Not sure what that's all about!

    1. coyote · in reply to Crewmax42

      Either an old account you don't recall (or know of) or more likely a phishing attempt. Best advice is if you know you don't use a service and an email (or any other medium) claims you do and you have to act – delete it. More generally they hope to ensnare you out of fear; this person might ('could') use this so if we claim they do they might panic and then they are ours … When in doubt, delete it. In the case that they require you to change your password, if you truly use the service, you'll find out when you try to login via their system. So again, when in doubt delete it. Even if it seems legit it doesn't necessarily mean it is (and by seems legit I mean not only the context but how it is worded – pay attention to details no matter how minor or petty they might seem to you).

  2. Joss Gardner

    If this is true, how come Livestream didn't asked me to change my password when I just loged in?

  3. Travis

    Something else I noticed is the site does not default to SSL. If you click the Livestream banner link in their emails (
    Livestream · Facebook · Twitter · Help ) it takes you to http rather than a https to login.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.