7 million people exposed in massive Freecycle data breach — what to do now
Hackers managed to steal email addresses, usernames and hashed passwords
The online forum Freecycle revealed it's suffered a massive data breach that affects more than 7 million users.
As reported by BleepingComputer, the nonprofit confirmed in a data breach notification on its site that it fell victim to a data breach earlier this year. This comes weeks after one of the hackers behind the breach put the site’s stolen data up for sale on a dark web forum back at the end of May.
From furniture to cookware and even electronics, hundreds of items that are still usable are actually thrown out every day. Instead of letting them end up in a landfill, Freecycle operates a network made up of 5,000 local town groups with over 9 million users worldwide designed to give these items a new home.
Now though, more than 7 million of the site’s users could be at risk of phishing attacks or other scams after their usernames, user IDs, email addresses and MD5-hashed passwords have been stolen as the result of a data breach. Fortunately, though, no other information was exposed and this includes payment card details as Freecycle is an entirely free service.
Full access to Freecycle
Besides stealing the email addresses and usernames of Freecycle users, the hackers responsible also managed to steal the credentials of the nonprofit’s founder and executive director Deron Beal.
With Beal’s username and password in hand, this effectively gave the hackers full access to member information and posts on the forum. If Freecycle was a paid service, this would have been more worrying though.
In its data breach notification, Freecycle is urging all of its users to change their passwords immediately. This could be especially troubling for people who reuse passwords across multiple accounts as the hackers behind the breach will likely try to use them elsewhere.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
For this reason, it’s highly recommended that you use strong, complex and unique passwords for all of your online accounts and one of the best password managers can certainly help with this. Not only can they securely store your passwords but they can also generate new passwords that are likely stronger than the ones you can come up with on your own.
How to reset your Freecycle password
If you’re one of the 7 million Freecycle users affected by this data breach, you need to change your password immediately.
There are two ways you can do this. You can either head to your profile’s settings menu and scroll down to the Password Reset section or you can change your password using Freecycle’s password reset page through the email you likely received notifying you of the data breach.
It’s worth noting that this can take some time as Freecycle’s email system is currently overloaded with users attempting to change their passwords.
After you’ve changed your password, you’ll still need to be on the lookout for phishing emails in your inbox. You’re going to want to watch out for red flags like misspelled words and poor grammar as these are often telltale signs that you are dealing with a phishing email. Likewise, for additional protection, you should also install one of the best antivirus software solutions on your computer in case you fall victim to a malware infection from one of these phishing emails.
Freecycle has handled this data breach rather well so far but the company isn’t offering access to the best identity theft protection since it’s a free service that doesn’t handle payments or more sensitive data like Social Security numbers.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.