Freecycle gives users the gift of a security breach notice

Updated Freecycle, nan kindness aimed astatine recycling detritus that would different beryllium headed for landfill, has go nan latest statement to suffer astatine nan hands of cyber attackers and admit to a breach.

The kindness became alert connected August 30 that personification information had been "exposed" and issued urgent proposal to each members that passwords would request to beryllium changed. It besides warned users to beware of an uptick successful spam emails owed to nan specifications extracted.

Executive head Deron Beal said: "The information breach includes usernames, User IDs, email addresses and hashed passwords."

Although hashed – Freecycle did not elaborate connected nan hashing method utilized – nan vulnerability of nan passwords intends that a alteration would beryllium prudent regardless.

Beal said that while nan outfit doesn't person entree to nan existent list, "Shefa" connected breachforums is claiming 7 cardinal accounts and passwords pinch 31 (legitimate looking) 31 samples.

Also, if – eden forbid – that aforesaid password has been utilized elsewhere, those should besides beryllium changed. Don't reuse passwords, ok?

Beal went connected to opportunity nan breach had been closed and regulatory authorities notified. In a abstracted notification, Freecycle said UK information watchdog ICO and "the due US authorities" were informed.

While Freecycle did not instantly respond to a petition for remark regarding really nan information was accessed, Beal warned members: "Please stay vigilant of phishing emails, debar clicking connected links successful emails, and don't download attachments unless you are expecting them."

Data from nan breach, including Beal's ain credentials, reportedly turned up connected hacking forums earlier Freecycle posted its notification.

• Attackers accessed UK subject information done high-security fencing firm's Windows 7 rig
• Apple opens yearly applications for free hackable iPhones
• More UK cops' names and photos exposed successful supplier breach
• Health, costs info for 1.2M group feared stolen from Purfoods successful IT attack

Beal kicked disconnected US-based Freecycle successful 2003, aimed astatine recycling items for free alternatively than throwing them away. It began successful Tuscon, Arizona and has since dispersed to much than 110 countries. It is made up of much than 5,000 section municipality groups pinch complete 9 cardinal members astir nan world.

The statement has yet to corroborate really galore of those 9 cardinal members person had their specifications exposed successful nan onslaught – though immoderate reports put nan fig astatine 7 million. Its proposal truthful stands – each members should alteration their passwords arsenic soon arsenic possible.

Just don't recycle an aged one. ®

Updated to add:

Freecycle supremo Deron Beal has been successful touch since nan publication of nan article pinch a fewer updates. Asked what information was taken, he responded: "Username, ID, email, hashed password. That's fundamentally each nan individual accusation we person connected Freecycle.org arsenic a charitable nonprofit recycling and used-item gifting organization (no address, telephone number, financial info etc arsenic each posts of items are for free)."

When asked really nan breach occurred, he said: "We judge a server whitethorn person been exposed a mates years ago. And it looks to beryllium an aged breach arsenic nan information samples are old. The server successful mobility is nary longer exposed.

"Still, if personification hasn't changed their password, they should do so. Even though nan information connected Freecycle.org is not sensitive, immoderate individuals whitethorn beryllium utilizing nan aforesaid password elsewhere wherever information is much delicate successful nature."