Massive Freecycle data breach could affect 7 million users

Hackers stole Freecycle founder’s login credentials

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

More than seven million people may have had their sensitive information stolen following a data breach that happened on Freecycle’s servers.

The organization has published awarningon its website, describing what had happened and urging its users to change their login credentials, immediately.

Freecycle is a non-profit organization that connects people looking to exchange used things, instead of throwing them away.

Freecycle breach

“On August 30th we became aware of a data breach on Freecycle.org,” the organization wrote in its statement. “As a result, we are advising all members to change their passwords as soon as possible.”

“We apologize for the inconvenience and would ask that you watch this space for further pending background.”

The attack appears to have happened months previously, before even June, when the Freecycle database was already for sale on the dark web, including data such as usernames, user IDs, email addresses, as well as MD5-hashed passwords.

Analyzing the screenshots posted by the attackers,BleepingComputerconcluded that it was Freecycle founder and executive director Deron Beal who had his credentials stolen, granting the attackers keys to the kingdom.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Citrix servers hacked using zero-day exploit>Hackers are targeting US critical infrastructure using this Citrix zero-day>These are the best privacy tools around

Following the discovery of the breach, the organization reached out to the police, it said, and added that users should be wary of possible phishing attacks and other scams coming their way: “While most email providers do a good job at filtering out spam, you may notice that you receive more spam than usual,” the warning reads.

“As always, please remain vigilant of phishing emails, avoid clicking on links in emails, and don’t download attachments unless you are expecting them.”

Besides phishing, this type of information can also be used inidentity theftand wire fraud.

Freecycle is a major organization with almost 11 million members scattered around more than 5,000 towns around the world.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics