Joomla team has confirmed a data breach in which details of about 2,700 users are believed to be leaked. The team announced the data breach back in Thursday last week.
Joomla is one of the popular Content Management System or CMS on the Internet. It is currently holding the position number 3. It was only a few days back that the platform’s ranking came to 3rd and Shopify is now second.
The data breach only affected people registered on the Joomla Resources Directory. The breach happened after a Joomla team member left a full backup of Joomla Resources Directory (JRD) on an Amazon S3 Bucket operated by Joomla itself.
The data on the backup file was not encrypted, making it easier for attackers to reveal the information. As per the team, the backup roughly contains about 2,700 users who registered and have a valid profile on the JRD website.
Since the backup file was not encrypted, it will be easier for anyone to crack it. So users are advised to change the password on the JRD site as well as other places where the same passwords are used.
The exposed backup data file contains information like Full name, Business address, Business email address, Business phone number, Company URL,
Nature of business, Encrypted password (hashed), IP address, Newsletter subscription preferences.
JRD website is a directory for Joomla Professionals and many of the details were already public. But the hashed passwords and other data were not made public.
The Joomla Team is now investigating the issue and they have shared the same on their blog post. Furthermore, the team also did a full security adult of the Joomla Resources Directory as well.