SFWA Data Breach
SFWA announced a data breach on May 21, 2022:
We recently became aware that someone using SFWA membership credentials logged into our members-only directory and ran a specialized script to scrape the directory of any member-facing data. This would have been anything you chose to share with your fellow SFWA members including email, telephone, websites, social media accounts, and mailing addresses in your member profile. Members who opted out of sharing information in the directory were not affected.
The individual who scraped these profiles has since released them publicly. Upon becoming aware of this release, we immediately removed all member access to the directory.
No financial data, confidential, or legal information was scraped from the directory as those have always been set to “no access” by our admins or held in entirely different places within our infrastructure.
SFWA says the Board of directors “has launched an investigation and will be working with multiple agencies to find which member login was used and when. We have narrowed down the dates to a specific range and will be forwarding that on to the appropriate authorities.” They have now “removed access to the SFWA membership directory entirely and are looking at a better solution to help facilitate communication between members.”
SFWA advises that if members “receive any unsolicited or harassing text messages, emails, phone calls, website comments, or physical mail, please forward any information you are willing and able to share about these, including screenshots of text or social media messages, pictures or scans of physical mail, to <directory@sfwa>.org as these may assist us in our investigation.”
They further recommend that members “do not engage with anyone questionable who tries to interact with you via social media or sends you unsolicited communications. Mute and block these senders without responding. If unsolicited communications escalate further, we recommend contacting your local authorities to create a record of the harassment.” They also suggest changing passwords frequently.
They conclude by saying, “We take your privacy very seriously here at SFWA and realize that once useful tools such as our membership directory need to be reevaluated in light of the ongoing struggle to control our own personal data on the internet.” For questions or concerns, address <email@example.com>.
This report and more like it in the July 2022 issue of Locus.
While you are here, please take a moment to support Locus with a one-time or recurring donation. We rely on reader donations to keep the magazine and site going, and would like to keep the site paywall free, but WE NEED YOUR FINANCIAL SUPPORT to continue quality coverage of the science fiction and fantasy field.
©Locus Magazine. Copyrighted material may not be republished without permission of LSFF.