Freecycle, an online platform dedicated to recycling and exchanging used items, has confirmed a significant data breach that impacted more than 7 million users. The breach came to light weeks after a threat actor offered the stolen data for sale on a hacking forum on May 30.
The compromised information includes usernames, User IDs, email addresses, and MD5-hashed passwords, though no other sensitive data was exposed, according to Freecycle.
Notably, the breach included the credentials of Freecycle’s founder and executive director, Deron Beal, granting the threat actor full access to member information and forum posts.
In response, Freecycle promptly advised all members to change their passwords and urged those who used the same credentials on other online services to do the same. Password resets can be initiated through user profiles’ settings or via email, although the latter may experience delays due to Freecycle’s busy email system.
This data breach has raised concerns about the security of online platforms that encourage community-driven sharing and recycling. Freecycle’s quick response in notifying users and law enforcement is commendable, emphasizing the importance of immediate action in such situations.
