Joomla, now the third most used CMS, disclosed a data breach last week. It reported that an employee handling its Resources Directory portal left an unencrypted backup on the company’s AWS S3 bucket. The team is now investigating the incident to find out whether anyone accessed the database. If someone did, it could expose 2,700 records of those who signed up for that portal.
A Portal With 2,700 Records
Joomla was recently surpassed by Shopify, which is now the second most used content management system behind WordPress. Joomla is an open-source platform for users to build and manage self-hosted websites. The security breach it reported affects only a small part of its user base, as it concerns the Resources Directory.
Joomla Resources Directory (JRD) is a portal where Joomla professionals can market their expertise in making, managing or marketing websites. As Joomla reported, the breach happened last week, when an employee of the JRD team left a full backup of the JRD portal on Joomla’s private AWS S3 bucket. S3 is a simple storage service provided by Amazon.
Potential Details to Exploit
Since the backup was unencrypted, it could expose all the sensitive details available in that portal, which Joomla says include identifiable details of over 2,700 accounts. These comprise each account’s full name, email address, business address, phone number, company website URL, type of business, IP address, encrypted password and newsletter subscription preferences.
While the names and addresses appear to be public information available from other sources, hashed passwords and IP addresses aren’t. The password hashes could be cracked by an adversary to hijack user accounts and attempt impersonation attacks or other fraudulent activity. Joomla said it is investigating the incident and advised users to change their passwords as a precaution.