Science Fiction and Fantasy Writers of America (SFWA) notified members today that someone using SFWA membership credentials has accessed the members-only directory, copied the member-facing data, and released it publicly.
The announcement understandably did not say specifically where the data had been published.
We recently became aware that someone using SFWA membership credentials logged into our members-only directory and ran a specialized script to scrape the directory of any member-facing data. This would have been anything you chose to share with your fellow SFWA members including email, telephone, websites, social media accounts, and mailing addresses in your member profile. Members who opted out of sharing information in the directory were not affected.
The individual who scraped these profiles has since released them publicly. Upon becoming aware of this release, we immediately removed all member access to the directory.
No financial data, confidential, or legal information was scraped from the directory as those have always been set to “no access” by our admins or held in entirely different places within our infrastructure.
SFWA has taken the matter to appropriate authorities, however, the organization’s announcement implies they do not know which specific member login was associated with the data-scraping event.
The SFWA Board of Directors has launched an investigation and will be working with multiple agencies to find which member login was used and when. We have narrowed down the dates to a specific range and will be forwarding that on to the appropriate authorities.
We have removed access to the SFWA membership directory entirely and are looking at a better solution to help facilitate communication between members.
Meanwhile, members have been requested to share with SFWA unsolicited messages and other contacts they receive that may relate to the misuse of directory information.
If you receive any unsolicited or harassing text messages, emails, phone calls, website comments, or physical mail, please forward any information you are willing and able to share about these, including screenshots of text or social media messages, pictures or scans of physical mail, to [email protected] as these may assist us in our investigation.
We recommend that you do not engage with anyone questionable who tries to interact with you via social media or sends you unsolicited communications. Mute and block these senders without responding. If unsolicited communications escalate further, we recommend contacting your local authorities to create a record of the harassment.
Members have also been advised to change the password to their SFWA membership. And the organization says, “once useful tools such as our membership directory need to be reevaluated in light of the ongoing struggle to control our own personal data on the internet.”