Freecycle suffers serious breach of user data

Penny Horwood
clock • 1 min read
Freecycle suffers serious breach of user data

Millions of users urged to change passwords urgently

Popular not-for-profit Freecycle network has confirmed it suffered a serious data breach at the end of last month.

In a  statement the organisation said it became aware of the breach last week, but the breach itself may have occurred years ago. The statement said:

"On August 30th we became aware of a data breach on Freecycle.org. As a result, we are advising all members to change your passwords as soon as possible. We apologize for the inconvenience." 

According to the organisation, the stolen data includes usernames, User IDs, email addresses, and MD5-hashed passwords. The fact that the whole point of Freecycle is giving objects away in preference to sending them to landfill means that the organisation doesn't store any user financial data.

The statement continues:

"While most email providers do a good job at filtering out spam, you may notice that you receive more spam than usual," users were advised.

"As always, please remain vigilant of phishing emails, avoid clicking on links in emails, and don't download attachments unless you are expecting them."

Commenting to The Register, Freecycle  Executive Director Deron Beal said:

"We believe a server may have been exposed a couple years ago. And it looks to be an old breach as the data samples are old. The server in question is no longer exposed.

"Still, if someone hasn't changed their password, they should do so. Even though the data on Freecycle.org is not sensitive, some individuals may be using the same password elsewhere where data is more sensitive in nature."

You may also like
Epic Games allegedly hacked by ransomware gang

Hacking

The company denies evidence of breach

clock 29 February 2024 • 3 min read
'Cybersecurity is a team sport, but it could do with a glow up'

Careers and Skills

Lacework and AWS challenge outdated perceptions of cybersecurity and attract new talent

clock 27 February 2024 • 5 min read
IT Essentials: LockBit and load

Security

They fought the law, and the law won - for now

clock 26 February 2024 • 2 min read
Penny Horwood
Author spotlight

Penny Horwood

Associate Editor focusing on diversity in tech and sustainability content.

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

IT Essentials: LockBit and load

IT Essentials: LockBit and load

They fought the law, and the law won - for now

Tom Allen
clock 26 February 2024 • 2 min read
Law enforcement takes down LockBit - updated

Law enforcement takes down LockBit - updated

NCA among the groups under 'Operation Cronos'

Tom Allen
clock 20 February 2024 • 2 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024

Microsoft's chief security advisor joins Cybersecurity Festival 2024

Sarah Armstrong-Smith will talk AI in security

Tom Allen
clock 19 February 2024 • 1 min read