Joomla Resources Directory (JRD) Portal Suffers Data Breach


Joomla, one of the most popular open-source content management
systems (CMS), last week announced a new data breach [1]
impacting 2,700 users who have an account with its resources
directory (JRD) website, i.e., resources.joomla.org.

The breach exposed affected users’ personal information, such as
full names, business addresses, email addresses, phone numbers, and
encrypted passwords.

The company said the incident came to light during an internal
website audit, which revealed that a member of the Joomla Resources
Directory (JRD) team had stored a full unencrypted backup of the
JRD website [2] on an Amazon Web Services S3 bucket owned by a
third-party company.
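The finding above is an inventory and storage-configuration problem: a full site backup sitting in an object-storage bucket that nobody had reviewed. The audit below is an added example (not code from the article, Joomla or AWS) of the kind of check an internal review can run over buckets it can see; it assumes the response shapes of boto3's `get_bucket_encryption`, `get_public_access_block` and `list_objects_v2`, and runs offline on constructed sample data. Two caveats the case itself illustrates: default server-side encryption only protects data at rest from the storage provider, not from anyone who can read the bucket, so the public-access findings matter more than the encryption one; and a bucket in a third party's account is outside your own audit scope, which is why the backup-like-object check is there to catch copies before they leave.

```python
import re
from typing import Dict, List, Optional

# Constructed sample data shaped like boto3 S3 responses (added example, not
# Joomla's or AWS's code): one bucket with no default SSE, no public-access
# block and a site backup in it, beside a hardened one.
SAMPLE_BUCKETS: Dict[str, dict] = {
    "jrd-site-backup-example": {
        "encryption": None,            # GetBucketEncryption raised "not found"
        "public_access_block": None,   # GetPublicAccessBlock raised "not found"
        "keys": ["dumps/jrd-full-backup-2020-05.sql.gz", "assets/logo.png"],
    },
    "hardened-example": {
        "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
        "public_access_block": {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
        "keys": ["assets/logo.png"],
    },
}

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")
# Heuristic for database dumps and site archives; tune to your naming scheme.
BACKUP_KEY = re.compile(r"(backup|dump|\.sql(\.gz)?$|\.tar\.gz$|\.zip$)", re.IGNORECASE)


def looks_like_backup(key: str) -> bool:
    """True if an object key names something that looks like a full backup."""
    return bool(BACKUP_KEY.search(key))


def audit_bucket(name: str, encryption: Optional[dict],
                 public_access_block: Optional[dict], keys: List[str]) -> List[str]:
    """Return a list of findings for one bucket; empty means nothing to flag."""
    findings: List[str] = []
    # Default SSE: no rules, or rules without an algorithm, means none is set.
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if not algos - {None}:
        findings.append(f"{name}: no default server-side encryption")
    # Public access block: every flag must be on; a missing config counts as off.
    pab = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    for flag in PAB_FLAGS:
        if not pab.get(flag, False):
            findings.append(f"{name}: {flag} is off")
    # Backup-like objects belong in a dedicated, access-restricted location.
    for key in keys:
        if looks_like_backup(key):
            findings.append(f"{name}: backup-like object {key}")
    return findings


def audit_all(buckets: Dict[str, dict]) -> Dict[str, List[str]]:
    return {n: audit_bucket(n, b["encryption"], b["public_access_block"], b["keys"])
            for n, b in buckets.items()}


def collect_with_boto3(s3, name: str) -> dict:
    """Gather the same three inputs from a live account (s3 = boto3.client('s3')).
    Not exercised offline. A missing configuration raises a botocore ClientError,
    which is recorded as None, i.e. 'not set'."""
    def call(fn, **kw):
        try:
            return fn(**kw)
        except Exception:  # ClientError with a *NotFound error code
            return None
    listing = call(s3.list_objects_v2, Bucket=name) or {}
    return {
        "encryption": call(s3.get_bucket_encryption, Bucket=name),
        "public_access_block": call(s3.get_public_access_block, Bucket=name),
        "keys": [o["Key"] for o in listing.get("Contents", [])],
    }


if __name__ == "__main__":
    for bucket, issues in audit_all(SAMPLE_BUCKETS).items():
        print(bucket, "->", issues or ["ok"])
```

Against a real account, build the input with `collect_with_boto3(boto3.client("s3"), bucket_name)` for each bucket from `list_buckets` and pass the result to `audit_bucket`; the sample bucket above yields six findings, the hardened one none.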

The affected JRD portal lists developers and service providers
specialized in Joomla, allowing registered users to extend their
CMS with additional functionalities.

Joomla said the investigation is still ongoing and that access
to the website has been temporarily suspended. It has also reached
out to the third party concerned to get the data deleted. It is not
clear whether any party found the unencrypted backup and accessed the
information.

The details that could potentially have been accessed by an
unauthorized third party are as follows:

  • Full names
  • Business addresses
  • Business email addresses
  • Business phone numbers
  • Company URLs
  • Nature of business
  • Encrypted passwords (hashed)
  • IP addresses
  • Newsletter subscription preferences

The impact of the breach is said to be low, given that most of the
information is already in the public domain.
Joomla has mandated a password reset for all impacted accounts and
also recommends changing the password on any other site where the
same one was reused, to prevent credential stuffing attacks.

As a consequence of the audit, Joomla has removed all users
who’ve not logged in before January 1st, 2019, as well as several
unused groups. Furthermore, it has enabled two-factor
authentication and rolled out security fixes on its platform.

“Even if we don’t have any evidence about data access, we highly
recommend people who have an account on the Joomla Resources
Directory and use the same password (or combination of an email
address and password) on other services to immediately change their
password for security reasons,” Joomla said in the advisory.


References

  1. New data breach announcement (community.joomla.org)
  2. JRD website (resources.joomla.org)
