
The team behind the Joomla open source content management system (CMS) announced a security breach last week.
The incident occurred after a member of the Joomla Resources Directory (JRD) team left a complete backup of the JRD site (resources.joomla.org) in a company-owned Amazon Web Services S3 bucket.
According to the Joomla team, the backup file was unencrypted and contained details of approximately 2,700 users who had registered and created profiles on the JRD website (a portal where professionals promote their Joomla site-building skills).
Joomla administrators say the incident is still under investigation. It is unknown at this time whether a third party found and downloaded the data from the S3 server.
Data that could have been exposed if someone found the backup and downloaded it includes details such as:
- full name
- work address
- business email address
- company phone number
- company URL
- nature of business
- encrypted password (hash)
- IP address
- newsletter subscription settings
Since the JRD portal acts as a directory for Joomla professionals, most of this information was already public, so the breach is considered to be of low severity. However, hashed passwords and IP addresses were never intended to be exposed.
The Joomla team currently recommends that all JRD users change their passwords on the JRD portal, and also on any other sites where they have reused the same password.
The Joomla team also said they conducted a full security audit of the JRD portal after learning that a backup of the JRD site was accidentally leaked.
In a breach disclosure published last Thursday, the Joomla team said, “The audit also highlighted the existence of superuser accounts owned by individuals outside of Open Source Matters.”
Joomla developers say they have taken action by removing the superuser account and disabling all user accounts that have not logged in since January 1, 2019.
Joomla is a content management system (CMS) and web-based application used to build and manage self-hosted websites. It is now the third most used CMS on the internet, after Shopify passed it for the second spot this month.