Post by account_disabled on Feb 25, 2024 6:34:04 GMT
A security breach related to the Joomla CMS was announced last week. Last week a member of the Joomla Resources Directory (JRD) team left a full unencrypted backup of the JRD site on an insecure Amazon Web Services S3 maintained by the company. What the company did not disclose, however, is that third parties were able to find and access the S3 server. Here's what the statement about the data breach says: Full, unencrypted backups of the JRD site were stored on a third-party Amazon Web Services S3. This company is owned by a previous team leader, still a member of the JRD team at the time of the breach and known to the current team leader.
Each backup included a complete copy of the website, including all data. The backup contained, in fact, the details of approximately 2700 users who registered and created profiles on the JRD site. The data contained in the backup included: first and last names, work addresses, company email and telephone, site URL, encrypted password, IP address, newsletter subscription preferences. The breach statement states that most of the data was public due to it being a public directory but that private data was also exposed.
To date, the Joomla team is investigating the data leak, as it is not yet clear whether anyone found and downloaded the data from the S3 server. Additionally, the team performed a full security audit of the portal which, as the statement continues, highlighted the presence of Super User accounts owned by private individuals outside of Open Source Matters. The Joomla team urges JRD users to change their password on the JRD portal and other sites where they share login credentials. The statement concludes: While we have no evidence of data access, we recommend that users who have an account in the Joomla resource list and use the same password (or email address and password combination) on other services, immediately change their password for security reasons.