The team behind the Joomla open source content management system (CMS) has announced a security breach.
The incident took place after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD on an Amazon Web Services S3 bucket owned by their own company.
Data potentially affected included full name, business address, email and phone number, company URL, encrypted passwords and IP address.
In response to the news, Paul Edon, Senior Director Technical Sales and Services (EMEA) at Tripwire, said: “This incident confirms the findings of the Verizon Data Breach Investigation Report 2020, which highlighted that ‘misconfiguration’ is in the top five action varieties for breaches. It is an important acknowledgement that not all incidents are the result of an exploited vulnerability. Misconfigurations actually lead to more breaches than exploited systems, but organisations often don’t put the same effort into assessing them as they do scanning for vulnerabilities.”
Joomla said the overall risk to data subjects as a result of this data breach was low to medium.
Click below to share this article
