A data breach affecting Joomla, the popular open-source
content management system (CMS), was announced by its developers from Open
While some data breaches take place when bad actors exploit
vulnerabilities or launch cyberattacks, that’s not always the case. Human error is quite
often the cause, as it was in the latest Joomla data breach.
An investigation is still underway, but it looks like the
data breach took place due to poor security hygiene. The Joomla
developers posted all the information they had about the incident, including
details of the compromised data.
“JRD full site backups (unencrypted) were stored in a
third-party company Amazon Web Services S3 bucket,” reads the statement
from the developers.
“The third-party company is owned by a former Team
Leader, still Member of the JRD team at the time of the breach,” it said. “Each
backup copy included a full copy of the website, including all the data. Most
of the data was public, since users submitted their data with the intent of
being included into a public directory. Private data (unpublished, unapproved
listings, tickets) was included in the breach.”
The incident was discovered during a security audit that
also revealed the presence of Super User accounts owned by individuals outside
Open Source Matters.
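The audit finding above, Super User accounts held by people outside the organisation, is the kind of thing a site owner can check routinely. The following is an added example, not code from the Joomla project or the article: it assumes Joomla's default Super Users group id (8), the standard `#__users` and `#__user_usergroup_map` tables with a hypothetical `jos_` prefix, and an allowlist of e-mail domains the organisation controls.

```python
"""Flag Joomla Super User accounts whose e-mail domain is not on a trusted allowlist."""
from dataclasses import dataclass

# Joomla's default "Super Users" group id (assumption: default group ids are in use).
SUPER_USER_GROUP_ID = 8

# Query to run against the Joomla database; "jos_" is a hypothetical table prefix.
SUPER_USER_QUERY = f"""
SELECT u.id, u.username, u.email, u.block
FROM jos_users AS u
JOIN jos_user_usergroup_map AS m ON m.user_id = u.id
WHERE m.group_id = {SUPER_USER_GROUP_ID}
"""


@dataclass(frozen=True)
class SuperUser:
    user_id: int
    username: str
    email: str
    blocked: bool


def audit_super_users(rows, trusted_domains):
    """Return Super User accounts whose e-mail domain is outside trusted_domains.

    rows: iterable of (id, username, email, block) tuples as returned by SUPER_USER_QUERY.
    Blocked accounts are still reported, since a blocked account can be re-enabled later.
    Accounts without a parseable domain are reported too rather than silently skipped.
    """
    trusted = {d.lower().lstrip("@") for d in trusted_domains}
    flagged = []
    for user_id, username, email, block in rows:
        domain = email.rsplit("@", 1)[-1].lower() if "@" in email else ""
        if domain not in trusted:
            flagged.append(SuperUser(int(user_id), username, email, bool(block)))
    return flagged


# Constructed sample rows; these are not real accounts.
SAMPLE_ROWS = [
    (42, "admin", "admin@example.org", 0),
    (57, "formerlead", "lead@contractor.example", 0),
    (61, "oldvendor", "ops@vendor.example", 1),
    (63, "broken", "no-domain-here", 0),
]

if __name__ == "__main__":
    for su in audit_super_users(SAMPLE_ROWS, ["example.org"]):
        state = "blocked" if su.blocked else "active"
        print(f"{su.user_id}\t{su.username}\t{su.email}\t{state}")
```

Run the query against the live database and feed the result rows to `audit_super_users`; anything it returns deserves a decision to remove, downgrade or explicitly approve the account.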
A total of 2,700 people were affected by the data breach.
The leaked information included the full name, the business address, business
phone number, the company URL, the type of business, the encrypted passwords (hashed),
the IP address, and the new subscription preferences.
It’s still unclear whether the data was just exposed,
without being accessed by third parties. In any case, all users of Joomla
Resources Directory are advised to change their passwords as soon as possible,
especially since it’s possible that the same combination of credentials might
have been used on other online services as well.