Freecycle, a nonprofit organization which sees members exchange reusable items to divert them from landfill, has recently suffered a data breach impacting 7 million of its members.
According to Freecycle, data stolen in the cyber attack included “usernames, User IDs, email addresses and passwords” but “no other personal information was compromised and the breach has been closed”. The organization also said that it had alerted the relevant authorities both in the US and the UK to the breach.
The breach was discovered on August 30, however the data stolen in the breach has been available for sale on the dark web since May 30. The database for sale allegedly included the data of Freecycle’s executive director, Deron Beal. After the cyber security incident was discovered, Freecycle urged its members to change their passwords immediately to prevent account compromise. It also suggested that if members had been reusing the same passwords on other sites, that they change their passwords there as well.
The nonprofit explained to those impacted that they may receive an increased amount of spam and phishing emails, and urged them to remain vigilant to phishing tactics. Victims of the data breach were reminded to not click on links or to download files from emails with unknown senders.
Deron Beal, executive director at The Freecycle Network, said via a notice on Freecycle’s site: “On August 30 we became aware of a data breach on Freecycle.org. As a result, we are advising all members to change their passwords as soon as possible. We apologize for the inconvenience and would ask that you watch this space for further pending background.”
It has not yet been made public how the malicious actor gained access to Freecycle’s network.