SFWA Data Breach

SFWA announced a data breach on May 21, 2022:

We recently became aware that some­one using SFWA membership credentials logged into our members-only directory and ran a specialized script to scrape the direc­tory of any member-facing data. This would have been anything you chose to share with your fellow SFWA members including email, telephone, websites, social media accounts, and mailing addresses in your member pro­file. Members who opted out of sharing in­formation in the directory were not affected.

The individual who scraped these pro­files has since released them publicly. Upon becoming aware of this release, we imme­diately removed all member access to the directory.

No financial data, confidential, or legal in­formation was scraped from the directory as those have always been set to “no access” by our admins or held in entirely different places within our infrastructure.

SFWA says the Board of directors “has launched an investigation and will be working with multiple agencies to find which member login was used and when. We have narrowed down the dates to a specific range and will be forwarding that on to the appropriate authori­ties.” They have now “removed access to the SFWA membership directory entirely and are looking at a better solution to help facilitate communication between members.”

SFWA advises that if members “receive any unsolicited or harassing text messages, emails, phone calls, website comments, or physical mail, please forward any information you are willing and able to share about these, including screen­shots of text or social media messages, pictures or scans of physical mail, to <directory@sfwa>.org as these may assist us in our investigation.”

They further recommend that members “do not engage with anyone questionable who tries to interact with you via social media or sends you unsolicited communications. Mute and block these senders without responding. If un­solicited communications escalate further, we recommend contacting your local authorities to create a record of the harassment.” They also suggest changing passwords frequently.

They conclude by saying, “We take your pri­vacy very seriously here at SFWA and realize that once useful tools such as our membership directory need to be reevaluated in light of the ongoing struggle to control our own personal data on the internet.” For questions or concerns, address <directory@sfwa.org>.

This report and more like it in the July 2022 issue of Locus.

Locus Magazine, Science Fiction FantasyWhile you are here, please take a moment to support Locus with a one-time or recurring donation. We rely on reader donations to keep the magazine and site going, and would like to keep the site paywall free, but WE NEED YOUR FINANCIAL SUPPORT to continue quality coverage of the science fiction and fantasy field.

©Locus Magazine. Copyrighted material may not be republished without permission of LSFF.

Leave a Reply

Your email address will not be published. Required fields are marked *