Security

Joomla Team Disclosed Data Breach Occurred Last Week

Joomla! is one of the biggest CMS in the World, to be specific, it is the 3rd most popular after WordPress and Drupal. Being that big in the industry, even a small error can cause millions of users worldwide. Just a few days back, the Joomla! the team announced a data breach that occurred accidentally last week.

Thankfully, the breach does not affect millions but 2,700 users who registered on JRD, Joomla Resources Directory. The incident happened last week when a member of JRD left a full unencrypted backup of JRD on AWS S3 server.

The company said that it was possible for a third-party to find and download the backup. It is not sure if any third-party had found it or not. In any case, Joomla team highly recommends all affected users to change their passwords on other websites (if they used the same password on multiple sites). Talking about passwords, the backup includes the following users’ details in the backup –

  • Full name
  • Business address
  • Business email address
  • Business phone number
  • Company URL
  • Nature of business
  • Encrypted password (hashed)
  • IP address
  • Newsletter subscription preferences

Most of the users’ information involved in the breach is already public except the IP address and hashed passwords. If anyone found the backup and successfully unhashed the passwords, he can use those passwords on other websites like Gmail, Microsoft, Facebook, etc. to access them. If you are affected by the breach, used the same passwords on Gmail, Facebook, etc. as on JRD platform, change your passwords immediately.

Leaving a full unencrypted backup of the entire platform is not a small mistake. The company realized it and did a full audit of the platform and implemented multiple improvements. You can check the Audit report.

Sohail

Mohd Sohail is a web developer and a Linux sysAdmin. He also loves to write how-to articles, applications reviews and loves to use new Linux distributions.

View Comments

  • I use Thunderbird. I set how I want my messages, descending, date, correspondent, order received. the next morning it is back to what Thunderbird sets for default. I have not been able to find a way to save my settings. If there is a way to save those settings, it is not very visible. That would be very useful.

Recent Posts

Ubuntu 21.10 “Impish Indri” Available To Download

After 6 months of development, Ubuntu 21.10 codenamed "Impish Indri" is now available for download.…

4 days ago

Best Spotify Alternatives For Linux

Spotify is the most popular music streaming service. A Spotify free account grants access to…

7 days ago

[Fixed] error: snap “package” not found

Snap has grown in popularity among Linux users. Instead of using system packages, snap containerizes…

2 weeks ago

Twitch Data Leak 2021 Includes 125GB Private Data

Another breach of the year 2021 is the Twitch Data Leak, which comprises 125GB of…

2 weeks ago

10 Best Games For Linux

I wrote a list of the best FPS games for Linux a few years ago.…

2 weeks ago

Epic Games To Release AntiCheat For Linux

The day I've been looking forward to for years. When I first started blogging in…

2 weeks ago