Freecycle users told to change passwords after data breach • Graham Cluley

Freecycle, an online community that encourages sharing unwanted items with eachother than chucking them in the bin or taking them to landfill, has told users to change their passwords after it suffered a data breach.

An announcement on the Freecycle website was the first I knew about the security breach, as – at the time of writing – despite being a member of the site I still haven’t received any other notification from the community.

On August 30th we became aware of a data breach on Freecycle.org. As a result, we are advising all members to change their passwords as soon as possible. We apologize for the inconvenience and would ask that you watch this space for further pending background. Deron Beal, Executive Director, The Freecycle Network

More information is shared on the Freecycle knowlegebase, where users are advised on how to change their passwords.

Freecycle says that the data breach “includes usernames, User IDs, email addresses and hashed passwords.” No mention is made regarding the hashing algorithm used or whether the passwords were also salted – which would be useful information to know when assessing how likely it is that passwords will be cracked.

Sign up to our free newsletter.
Security news, advice, and tips.

Regardless, it’s certainly a good idea to change your Freecycle password – but also to ensure that you are not using the same password anywhere else on the internet.

Although you may not be overly worried about someone accessing your Freecycle account, you definitely don’t want to make it easy for a malicious hacker to break into your other online accounts.

You should make it a habit to never use the same password on different sites.

If you find passwords a burden – simply use password management software like 1Password or Bitwarden to make them both safer and easier to remember.

You should also assume that cybercriminals now have your email address too – which may mean that Freecycle users can expect to receive phishing emails designed to trick them into sharing more information.

As ever, be careful out there.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy.
Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button