1 min read

Joomla Open-Source CMS Affected by Data-Breach

Silviu STAHIE

June 02, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Joomla Open-Source CMS Affected by Data-Breach

A data breach affecting Joomla, the popular open-source content management system (CMS), was announced by its developers from Open Source Matters.

While some data breaches take place when bad actors use vulnerabilities or cyberattacks, that”s not always the case. Human error is a quite often a cause, as was the case in the latest Joomla data breach.

An investigation is still underway, but it looks like the data breach took place due to improper cybersecurity hygiene. The Joomla developers posted all the information they had about the incident, including details of the compromised data.

“JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket,” reads the statement from the developers.

“The third-party company is owned by a former Team Leader, still Member of the JRD team at the time of the breach,” it said. “Each backup copy included a full copy of the website, including all the data. Most of the data was public, since users submitted their data with the intent of being included into a public directory. Private data (unpublished, unapproved listings, tickets) was included in the breach.”

The incident was discovered during a security audit that also revealed the presence of Super User accounts owned by individuals outside Open Source Matters.

A total of 2,700 people were affected by the data breach. The leaked information included the full name, the business address, business phone number, the company URL, the type of business, the encrypted passwords (hashed), the IP address, and the new subscription preferences.

It”s still unclear whether the data was just exposed, without being accessed by third parties. In any case, all users of Joomla Resources Directory are advised to change their passwords as soon as possible, especially since it”s possible that the same combination of credentials might have been used on other online services as well.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

DOJ Leaks Trove of California Gun Owners’ Personal Information Online DOJ Leaks Trove of California Gun Owners’ Personal Information Online
Alina BÎZGĂ

July 01, 2022

2 min read
Exposed Server at Malaysian POS Software Provider Leaks Data of 1 Million Customers Exposed Server at Malaysian POS Software Provider Leaks Data of 1 Million Customers
Alina BÎZGĂ

June 22, 2022

2 min read
Is someone abusing your credit card? Here’s what you can do to prevent credit card fraud Is someone abusing your credit card? Here’s what you can do to prevent credit card fraud
Alina BÎZGĂ

June 14, 2022

2 min read