Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users.
The nonprofit organization says it discovered the breach on Wednesday, weeks after a threat actor put the stolen data for sale on a hacking forum on May 30, warning affected people to switch passwords immediately.
The stolen information includes usernames, User IDs, email addresses, and MD5-hashed passwords, with no other information exposed, according to Freecycle.
From screenshots shared by the threat actor who is selling the stolen information, the credentials of Freecycle founder and executive director Deron Beal were stolen in the incident, giving the threat actor full access to member information and forum posts
“On August 30th we became aware of a data breach on Freecycle.org. As a result, we are advising all members to change their passwords as soon as possible,” Beal warned in a notification added to the homepage.
“We apologize for the inconvenience and would ask that you watch this space for further pending background.”
Those using the same credentials on other online services were also advised to change them to prevent account breaches.
To reset your Freecycle password, you can use one of two methods:
Users should be aware of delays (up to one hour) affecting the password reset process via email because Freecycle’s “email system is very busy at this time.”
After being made aware of the data breach, Freecycle said that it also reported the incident to the appropriate authorities.
“While most email providers do a good job at filtering out spam, you may notice that you receive more spam than usual,” users were cautioned.
“As always, please remain vigilant of phishing emails, avoid clicking on links in emails, and don’t download attachments unless you are expecting them.”
Freecycle boasts a user base comprising nearly 11 million members from more than 5,300 local towns worldwide.
Source: https://www.bleepingcomputer.com/news/security/freecycle-confirms-massive-data-breach-impacting-7-million-users/