Joomla admits security breach affecting over 2,000 users

The team behind the Joomla open source content management system (CMS) has disclosed a data breach that affected more than 2,000 users of the JRD website (resources.joomla.org).

The leak was discovered during an internal website audit, the team said. The breach occurred after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site in an Amazon Web Services S3 bucket belonging to a third-party company. Each backup copy contained a full copy of the website, including all of its data.

According to the Joomla team, the backup file contained information for 2,700 users with an account on the JRD website. The potentially affected data includes:

  • Full name
  • Business address
  • Business email address
  • Business phone number
  • Company URL
  • Nature of business
  • Encrypted password (hashed)
  • IP address
  • Newsletter subscription preferences

The team said the exposed database did not contain payment data or information that would typically be used for identity theft or fraud (driver’s license numbers, social security numbers, or mother’s maiden name).

Although there is no evidence that the exposed data was accessed by third parties, users who have an account on the Joomla Resources Directory are advised to change their passwords, especially if these passwords (or the same combination of email address and password) are used on other services.