Joomla Open-Source CMS Affected by Data Breach
A data breach affecting Joomla, the popular open-source content management system (CMS), was announced by its developers from Open Source Matters.
While some data breaches take place when bad actors exploit vulnerabilities or launch cyberattacks, that's not always the case. Human error is quite often a cause, as was the case in the latest Joomla data breach.
An investigation is still underway, but it looks like the data breach took place due to improper cybersecurity hygiene. The Joomla developers posted all the information they had about the incident, including details of the compromised data.
“JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket,” reads the statement from the developers.
“The third-party company is owned by a former Team Leader, still Member of the JRD team at the time of the breach,” it said. “Each backup copy included a full copy of the website, including all the data. Most of the data was public, since users submitted their data with the intent of being included into a public directory. Private data (unpublished, unapproved listings, tickets) was included in the breach.”
The incident was discovered during a security audit that also revealed the presence of Super User accounts owned by individuals outside Open Source Matters.
A total of 2,700 people were affected by the data breach. The leaked information included the full name, the business address, business phone number, the company URL, the type of business, the encrypted passwords (hashed), the IP address, and the new subscription preferences.
It's still unclear whether the data was just exposed, without being accessed by third parties. In any case, all users of Joomla Resources Directory are advised to change their passwords as soon as possible, especially since it's possible that the same combination of credentials might have been used on other online services as well.