Data Breach (August 2023)
On August 30th we became aware of a data breach on Freecycle.org. As a result, we are advising all members to change your passwords as soon as possible. We apologize for the inconvenience.
We have notifyied the ICO in the UK and the appropriate US authorities.
We are sending email notifications to all registered email addresses. Please be patient as it will take a while to deliver all of those emails. You should also check your Spam folder to make sure it didn't end up there.
There are two ways to reset your password:
- Preferred method: Go to My Settings, here: https://www.freecycle.org/home/settings/ and scroll down to the Password Reset section. Enter your new password in both fields. Make sure you do not use this password for any other site. Scroll to the bottom of the page and click Save Changes. You will be asked to log in with your new password.
- If you aren't able to log in or can't get to the Settings page, request a password reset here: https://freecycle.org/login?reset-password. Follow the instructions in the email you receive. Please allow up to an hour to receive the email as our email system is very busy at this time. If you don't receive an email, check your Spam folder. Mark the message Not Spam, which will move it to your inbox, where you can safely proceed. If you use Gmail, the message may have gone to one of Gmail's default folders, such as Social, Updates, Forums, or Promotions.
If you have difficulty changing your password, click the Contact link at the top of this page, or the green question mark at the bottom of any page of the Freecycle.org website to send our Help Team volunteers a message. You do not need to be logged in to contact us.
The breach of data includes usernames, User IDs, email addresses and passwords. Because of the exposure of personal passwords we are taking every measure to quickly inform members about the need to change their passwords. If you have used the same password elsewhere, you are well advised to change the password there as well. No other personal information was compromised and the breach has been closed and is being reported to the respective privacy authorities.
What this means for you: While most email providers do a good job at filtering out spam, you may notice that you receive more spam than usual. As always, please remain vigilant of phishing emails, avoid clicking on links in emails, and don't download attachments unless you are expecting them.
Here are some useful links to help keep you safe:
- Find out what past data breaches have involved your personal information: https://haveibeenpwned.com/
US
- Learn how to recognize phishing emails: https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams#report
UK
- Learn how to recognize and report phishing scams in the UK: https://www.gov.uk/report-suspicious-emails-websites-phishing#:~:text=Forward%20suspicious%20emails%20to%20report,(%20NCSC%20)%20will%20investigate%20it.
Canada
- Learn about online safety: https://www.getcybersafe.gc.ca/en
- Rreporting fraud in Canada: https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm