1 June 2020

Joomla admits security breach affecting over 2,000 users



The team behind the Joomla open source content management system (CMS) has disclosed a data breach that affected more than 2,000 users of the JRD website (resources.joomla.org).

The leak was discovered during an internal website audit, the team said. The breach occurred after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site on a third-party company's Amazon Web Services S3 bucket. Each backup copy included a full copy of the website, including all the data.

According to the Joomla team, the backup file contained information for 2,700 users with an account on the JRD website. The potentially affected data includes:

  • Full name
  • Business address
  • Business email address
  • Business phone number
  • Company URL
  • Nature of business
  • Encrypted password (hashed)
  • IP address
  • Newsletter subscription preferences

The team said the exposed database did not contain payment data or information that would be typically used for the purposes of identity theft or fraud (driver’s license numbers, social security numbers, or mother’s maiden name).

Although there is no evidence that the exposed data was accessed by third parties, users who have an account on the Joomla Resources Directory are advised to change their passwords, especially if these passwords (or the same combination of email address and password) are used on other services.
