Joomla announces a data leak

The team behind the open-source content management system (CMS) Joomla reported a data breach last week.

The incident occurred when a Joomla Resources Directory (JRD) team member left a full backup of the JRD website (resources.joomla.org) in an Amazon Web Services S3 bucket owned by the company.

The Joomla team said the backup was not encrypted and contained details of about 2,700 users who had registered and created profiles on the JRD website, a portal where professionals advertise their Joomla skills.

Joomla executives said they were still investigating the incident. It is currently not clear if anyone found and downloaded the data from the Amazon Web Services S3 server.

The data that could have been exposed if someone downloaded the backup includes details such as:

  • Full name
  • Business address
  • Business email address
  • Business phone number
  • Company URL
  • Nature of business
  • Encrypted password (hashed)
  • IP address
  • Preference to subscribe to newsletters

The severity of this breach is considered low, since most of this information was already public: the JRD portal serves as a directory for Joomla professionals. However, the encrypted (hashed) passwords and IP addresses were never intended to be public.

The Joomla team now advises all JRD users to change their password on the JRD portal, and also on any other sites where they reuse the same password.

The Joomla team reported that as soon as they discovered the accidental leak of the JRD website backup, they conducted a full security check on the JRD portal.

“The audit also showed the presence of Super User accounts belonging to individuals of Open Source Matters,” the Joomla team said in disclosing the breach last Thursday.

Joomla is a content management system (CMS), a web application used to create and manage websites. It is currently the third most used CMS on the Internet. It lost second place to Shopify this month.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos