The developers of the Joomla content management system (CMS) have reported a data leak affecting 2,700 users who registered and created profiles on the JRD website.
“The incident occurred because a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD website (resources.joomla.org) in an Amazon Web Services S3 bucket owned by his own company. The backup file was not encrypted and contained data of about 2.7 thousand users who registered and created profiles on the JRD website”, said the Joomla developers.
The JRD portal is where developers who build websites on Joomla offer their services.
It is unclear whether anyone else discovered the data on the server. If third parties did gain access to the backup, they would have obtained the following user data:
- full name;
- business address;
- work email address;
- work phone number;
- company website URL;
- information on occupation;
- hashed password;
- IP address;
- newsletter subscription settings.
Since most of the information listed above was already in the public domain, the damage from the leak is considered minor. However, password hashes and IP addresses are not data intended for third parties.
Attackers could crack the hashed passwords and, if the same passwords are reused on other sites, take over those accounts by replaying the credentials (the so-called credential stuffing attack). JRD users are therefore advised to change their passwords both on the portal and on any other sites where the same passwords are used.
According to the Joomla team, a full security audit of the JRD portal was conducted immediately after the leak was reported.
“The audit also revealed Super User accounts owned by people outside of Open Source Matters”, said the Joomla developers.
The incident is being investigated. It is currently unknown whether anyone gained unauthorized access to the backup file of the JRD site.
Open Source Matters is a US-registered non-profit organization created to protect the financial and legal interests of the Joomla project.
Joomla rarely features in news about new vulnerabilities, but that is probably because this CMS, one of the most widely used ten years ago, has lost its former popularity. By contrast, we write about problems with WordPress and its plugins almost every week.