Her team Joomla reported that the backup was not encrypted and contained details of about 2.700 users who registered and created profiles on the JRD website, a portal where professionals advertise their skills on Joomla.
Its managers Joomla reported that they are still investigating the incident. It is currently not clear if anyone found and downloaded the data from the Amazon Web Services S3 server.
The data that could have been exposed if someone downloaded the backup includes details such as:
- Full name
- Business address
- Business email address
- Business phone number
- Company URL
- Nature of business
- Encrypted password (hashed)
- IP address
- Preference to subscribe to newsletters
The severity of this violation is considered low, as most of this information was already public, as the JRD portal serves as a directory for professionals Joomla. However, encrypted passwords and IP addresses were not intended to be public.
Her team Joomla now suggests to all JRD users to change their password on the JRD portal, but also on those sites that re-use the same password.
Her team Joomla reported that as soon as it discovered the accidental leak of the JRD website backup, it conducted a full security check on the JRD portal.
The Joomla is a content management system (CMS), a web application used to create and manage web pages. It is currently the third most used CMS on the Internet. It lost second place to Shopify this month.