Freecycle, the charity aimed at recycling detritus that would otherwise be headed for landfill, has become the latest organization to suffer at the hands of cyber attackers and admit to a breach.

The charity became aware on August 30 that user data had been "exposed" and issued urgent advice to all members that passwords would need to be changed. It also warned users to beware of an uptick in spam emails due to the details extracted.

Executive director Deron Beal said: "The data breach includes usernames, User IDs, email addresses and hashed passwords."

Although hashed - Freecycle did not elaborate on the hashing technique used - the exposure of the passwords means that a change would be prudent regardless.

Also, if - heaven forbid - that same password has been used elsewhere, those should also be changed. Don't reuse passwords, ok?

Beal went on to say the breach had been closed and regulatory authorities notified. In a separate notification, Freecycle said UK data watchdog ICO and "the appropriate US authorities" were informed.

While Freecycle did not immediately respond to a request for comment regarding how the data was accessed, Beal warned members: "Please remain vigilant of phishing emails, avoid clicking on links in emails, and don't download attachments unless you are expecting them."

Data from the breach, including Beal's own credentials, reportedly turned up on hacking forums before Freecycle posted its notification.

Beal kicked off US-based Freecycle in 2003, aimed at recycling items for free rather than throwing them away. It began in Tuscon, Arizona and has since spread to more than 110 countries. It is made up of more than 5,000 local town groups with over 9 million members around the world.

The organization has yet to confirm how many of those nine million members have had their details exposed in the attack - although some reports put the figure at seven million. Its advice therefore stands - all members should change their passwords as soon as possible.

Just don't recycle an old one. ®

https://www.theregister.com//2023/09/05/freecycle_becomes_the_latest_data/