Freecycle.org, a platform that allows users to recycle their belongings, has prompted millions of users to reset their passwords after their credentials were compromised in a data breach.
The non-profit organization, which is based in the US but operates in the UK as well, says it identified the incident on August 30, and it has started sending notifications to its users.
“The breach of data includes usernames, User IDs, email addresses and passwords,” Freecycle says in an incident notice on its website. The passwords were hashed, the platform said in the email notification sent to users, a copy of which was posted on social media.
According to the organization, no other personal information aside from the exposed credentials was compromised during the incident.
“We are advising all members to change their passwords as soon as possible. We apologize for the inconvenience and would ask that you watch this space for further pending background,” a message from Freecycle Network’s executive director Deron Beal reads.
The organization provides detailed instructions on how users can reset their passwords and advises them to make sure that any reused passwords are reset on all other online platforms as well.
Following the data breach, Freecycle says, users might start receiving more spam in their mailboxes. The leaked data may also be used in phishing attacks.
What the organization has not revealed, however, was how the attackers gained access to its systems or how many of its approximately 11 million users might be impacted.
According to screenshots that the alleged Freecycle hacker posted two months ago, more than 7 million individuals might have been affected by the incident. The hacker reportedly used stolen credentials to access the data.
Freecycle says it has informed the relevant authorities in the UK and the US about the data breach.