A data breach affecting Joomla, the popular open-source content management system (CMS), was announced by its developers from Open Source Matters.
While many data breaches result from attackers exploiting vulnerabilities or mounting cyberattacks, that is not always the case. Human error is quite often the cause, as it was in the latest Joomla data breach.
An investigation is still underway, but the breach appears to have resulted from poor security hygiene rather than an exploited vulnerability. The Joomla developers posted all the information they had about the incident, including details of the compromised data.
“JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket,” reads the statement from the developers.
“The third-party company is owned by a former Team Leader, still Member of the JRD team at the time of the breach,” it said. “Each backup copy included a full copy of the website, including all the data. Most of the data was public, since users submitted their data with the intent of being included into a public directory. Private data (unpublished, unapproved listings, tickets) was included in the breach.”
The incident was discovered during a security audit that also revealed the presence of Super User accounts owned by individuals outside Open Source Matters.
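The audit finding above, Super User accounts held by people outside the organisation, is the kind of check that is cheap to script against any Joomla database. The following is an added example, not code from Joomla or from Open Source Matters: it queries Joomla's real user tables (`#__users`, `#__usergroups`, `#__user_usergroup_map`, with the hypothetical table prefix `jos_`) for members of the `Super Users` group and flags accounts whose e-mail domain is not on the organisation's allow-list or that have not logged in since a cut-off date. The rows are constructed sample data, not JRD records; the same queries run unchanged against a MySQL dump with the site's actual prefix.

```python
import sqlite3

# Constructed sample data modelled on Joomla's user tables (prefix "jos_" is an assumption).
# These are not real JRD records.
SCHEMA = """
CREATE TABLE jos_users (
    id INTEGER PRIMARY KEY, name TEXT, username TEXT, email TEXT,
    block INTEGER, lastvisitDate TEXT);
CREATE TABLE jos_usergroups (id INTEGER PRIMARY KEY, parent_id INTEGER, title TEXT);
CREATE TABLE jos_user_usergroup_map (
    user_id INTEGER, group_id INTEGER, PRIMARY KEY (user_id, group_id));
"""
SAMPLE = """
INSERT INTO jos_usergroups VALUES
 (1,0,'Public'),(2,1,'Registered'),(6,1,'Manager'),(7,6,'Administrator'),(8,1,'Super Users');
INSERT INTO jos_users VALUES
 (42,'Site Admin','admin','admin@example.org',0,'2020-05-20 10:00:00'),
 (43,'Former Lead','oldlead','lead@contractor.example',0,'2019-11-02 08:15:00'),
 (44,'Editor','editor','editor@example.org',0,'2020-05-19 09:30:00'),
 (45,'Dormant Super','ghost','ghost@example.org',1,'2018-01-01 00:00:00');
INSERT INTO jos_user_usergroup_map VALUES (42,8),(43,8),(44,7),(45,8);
"""

# Resolve the group by title rather than hard-coding id 8: installers can renumber groups.
QUERY = """
SELECT u.id, u.username, u.email, u.block, u.lastvisitDate
FROM {p}users u
JOIN {p}user_usergroup_map m ON m.user_id = u.id
JOIN {p}usergroups g ON g.id = m.group_id
WHERE g.title = 'Super Users'
ORDER BY u.id
"""


def super_users(conn, prefix="jos_"):
    """All accounts in the Super Users group, blocked or not (blocking does not remove the group)."""
    return conn.execute(QUERY.format(p=prefix)).fetchall()


def audit_super_users(conn, allowed_domains, stale_before=None, prefix="jos_"):
    """Return Super User accounts that need review, with the reason(s).

    allowed_domains: lower-case e-mail domains the organisation controls.
    stale_before:    ISO date string; accounts with no login since then are flagged.
                     Joomla's legacy null date '0000-00-00 00:00:00' sorts as stale too.
    """
    allowed = {d.lower() for d in allowed_domains}
    findings = []
    for uid, username, email, block, last_visit in super_users(conn, prefix):
        reasons = []
        domain = email.rsplit("@", 1)[-1].lower()
        if domain not in allowed:
            reasons.append("email domain outside organisation")
        if stale_before and (last_visit or "") < stale_before:
            reasons.append("no login since %s" % last_visit)
        if reasons:
            findings.append({
                "id": uid, "username": username, "email": email,
                "blocked": bool(block), "last_visit": last_visit, "reasons": reasons,
            })
    return findings


def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for finding in audit_super_users(db, {"example.org"}, stale_before="2020-01-01"):
        print(finding)
```

Against a live site, replace `build_sample_db()` with a connection to the real database and pass the prefix from `configuration.php` (`$dbprefix`). Blocked accounts are deliberately kept in the results: an account that is disabled but still in the Super Users group is one unblock away from full control, so the membership itself is what the audit should remove.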
A total of 2,700 people were affected by the data breach. The leaked information included full name, business address, business phone number, company URL, type of business, password hashes, IP address, and newsletter subscription preferences.
It is still unclear whether the data was merely exposed or was actually accessed by a third party. Either way, all users of the Joomla Resources Directory are advised to change their passwords as soon as possible: the leaked hashes can be attacked offline, and anyone who reused the same credentials on other online services should change them there as well.