HQ/EMEAFind out how we can help your business
Freecycle, an online community exclusive for sharing unwanted items instead of putting them in the bin or landfill, encourages its users to change their passwords after sustaining a data breach incident.
A concerned user said it first noticed the website’s Freecycle announcement of the security breach. It did not receive any notification letters despite being a community member.
The Freecycle admins announced that they noticed the attack late last month after observing unauthorised access.
According to the Freecycle announcement, its admins became aware of the data breach on its websites on August 30th. The incident prompted the organisation to roll out notification letters to its members, encouraging them to change their passwords to avoid compromise.
The online platform apologised to its community for the inconvenience and asked them to be mindful of the behaviour that operates in the background.
The website has shared more information about the incident on its knowledge base. The site also provides instructions on how users can change their passwords.
Freecycle also confirmed that the breach could compromise various data, such as usernames, email addresses, user IDs, and hashed passwords. However, the announcement did not mention any details about the hashing algorithm, which could have been an important detail on how the passwords can be cracked.
Therefore, changing the Freecycle account and identical passwords to other platforms is imperative for all community members to avoid exploitation by the hackers who executed the breach.
The change of credentials could mitigate the potential impact of the incident since the threat actors will not have access to accounts they think they have stolen. Hence, periodically replacing passwords could be an excellent habit for people who use online platforms, like social media, for business purposes.
Other researchers endorse password management software solutions for users with password sorting trouble.
The Freecycle community should implement these provisions immediately as threat actors who infiltrated the platform may have started to move and exploit stolen data to earn profit from its operations.
