Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., resources.joomla.org.
The breach exposed affected users’ personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords.
The company said the incident came to light during an internal website audit that revealed that a member of the Joomla Resources Directory (JRD) team stored a full unencrypted backup of the JRD website on an Amazon Web Services S3 bucket owned by the third-party company.
The affected JRD portal lists developers and service providers specialised in Joomla, allowing registered users to extend their CMS with additional functionalities.
Joomla said the investigation is still ongoing and that accesses to the website have been temporarily suspended. It has also reached out to the concerned third-party to get the data deleted. It’s not clear if any party found the unencrypted backup and accessed the information.
The details that could have been potentially accessed by an unauthorised third-party are as follows:
- Full names
- Business addresses
- Business email addresses
- Business phone numbers
- Company URLs
- Nature of business
- Encrypted passwords (hashed)
- IP addresses
- Newsletter subscription preferences
The impact of the breach is said to be low, given that most of the information is already in the public domain.
images from Hacker News