Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

7 Million Users Possibly Impacted by Freecycle Data Breach

Freecycle.org is prompting millions of users to reset their passwords after their credentials were compromised in a data breach.

Freecycle.org, a platform that allows users to recycle their belongings, has prompted millions of users to reset their passwords after their credentials were compromised in a data breach.

The non-profit organization, which is based in the US but operates in the UK as well, says it identified the incident on August 30, and it has started sending notifications to its users.

“The breach of data includes usernames, User IDs, email addresses and passwords,” Freecycle says in an incident notice on its website. The passwords were hashed, the platform said in the email notification sent to users, a copy of which was posted on social media.

According to the organization, no other personal information aside from the exposed credentials was compromised during the incident.

“We are advising all members to change their passwords as soon as possible. We apologize for the inconvenience and would ask that you watch this space for further pending background,” a message from Freecycle Network’s executive director Deron Beal reads.

The organization provides detailed instructions on how users can reset their passwords and advises them to make sure that any reused passwords are reset on all other online platforms as well.

Following the data breach, Freecycle says, users might start receiving more spam in their mailboxes. The leaked data may also be used in phishing attacks.

What the organization has not revealed, however, was how the attackers gained access to its systems or how many of its approximately 11 million users might be impacted.

Advertisement. Scroll to continue reading.

According to screenshots that the alleged Freecycle hacker posted two months ago, more than 7 million individuals might have been affected by the incident. The hacker reportedly used stolen credentials to access the data.

Freecycle says it has informed the relevant authorities in the UK and the US about the data breach.

Related: Sourcegraph Discloses Data Breach Following Access Token Leak

Related: 500k Impacted by Data Breach at Fashion Retailer Forever 21

Related: 10 Million Likely Impacted by Data Breach at French Unemployment Agency

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights