1 min read

Joomla Open-Source CMS Affected by Data-Breach

Silviu STAHIE

June 02, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Joomla Open-Source CMS Affected by Data-Breach

A data breach affecting Joomla, the popular open-source content management system (CMS), was announced by its developers from Open Source Matters.

While some data breaches take place when bad actors use vulnerabilities or cyberattacks, that”s not always the case. Human error is a quite often a cause, as was the case in the latest Joomla data breach.

An investigation is still underway, but it looks like the data breach took place due to improper cybersecurity hygiene. The Joomla developers posted all the information they had about the incident, including details of the compromised data.

“JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket,” reads the statement from the developers.

“The third-party company is owned by a former Team Leader, still Member of the JRD team at the time of the breach,” it said. “Each backup copy included a full copy of the website, including all the data. Most of the data was public, since users submitted their data with the intent of being included into a public directory. Private data (unpublished, unapproved listings, tickets) was included in the breach.”

The incident was discovered during a security audit that also revealed the presence of Super User accounts owned by individuals outside Open Source Matters.

A total of 2,700 people were affected by the data breach. The leaked information included the full name, the business address, business phone number, the company URL, the type of business, the encrypted passwords (hashed), the IP address, and the new subscription preferences.

It”s still unclear whether the data was just exposed, without being accessed by third parties. In any case, all users of Joomla Resources Directory are advised to change their passwords as soon as possible, especially since it”s possible that the same combination of credentials might have been used on other online services as well.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

500 million WhatsApp mobile phone numbers are up for grabs on the dark web 500 million WhatsApp mobile phone numbers are up for grabs on the dark web
Alina BÎZGĂ

November 25, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip How to monitor your online privacy during your Thanksgiving trip
Alina BÎZGĂ

November 22, 2022

3 min read
Elasticsearch server actively scraping Mastodon user data; over 150,000 individuals exposed so far Elasticsearch server actively scraping Mastodon user data; over 150,000 individuals exposed so far
Alina BÎZGĂ

November 21, 2022

1 min read