Freecycle is a nonprofit organization that is defined as a “movement of people who are giving (and getting) stuff for free in their own towns and keeping good stuff out of landfills.” Users of the site can give away stuff they want to get rid of, such as clothes or furniture, and claim items they want from other users for free.
VERIFY viewer Ole reached out via email to ask if it's true that Freecycle had a data breach and if user passwords need to be changed.
Did the Freecycle website have a data breach?
Yes, the Freecycle website recently had a data breach.
WHAT WE FOUND
On the homepage of the item giveaway site, a message says “On August 30th we became aware of a data breach on Freecycle.org. As a result, we are advising all members to change their passwords as soon as possible.”
Freecycle says the data breach includes usernames, user IDs, email addresses, and passwords.
According to their site, Freecycle has over 10 million members across 5,000 local towns.
Deron Beal, executive director of The Freecycle Network, confirmed the breach to VERIFY. He said the perpetrator “claims to have a list of 7 million Freecycle users. He provides a list of 31 samples that look like legitimate Freecycle.org user accounts.”
While Freecycle cannot confirm the extent of the list, the company is encouraging all users to change their passwords. Freecycle shared a guide on how users should reset their passwords, and advised that users change their passwords on other sites also if it was the same as the one used on Freecycle.
Freecycle also warns its users that they should be on the lookout for possible spam and phishing emails following the breach. They recommend to “avoid clicking on links in emails, and don't download attachments unless you are expecting them.”
A previous VERIFY also discusses ways you can avoid a phishing scam.