Joomla Data Breach: Joomla Resources Directory Users Exposed

Joomla has just reported a data breach. The breach occurred after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site, resources.joomla.org, in an Amazon Web Services S3 bucket.

Not only was the file unencrypted, but it also contained details for at least 2,700 users with registered profiles on the JRD site. The JRD site is mainly used by professionals to advertise their Joomla-related skills.

“JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket. The third-party company is owned by a former Team Leader, still Member of the JRD team at the time of the breach. Known to the current Team Leader at the time of the breach,” the official announcement says.

Joomla is currently investigating the breach, and it’s still unknown whether someone downloaded the data from the AWS S3 bucket. If the data is exploited further, the exposed details that could be abused include:

  • Full name of the user;
  • Business address, email address and phone number;
  • Company URL;
  • Nature of business;
  • Encrypted password (hashed);
  • IP address;
  • Newsletter subscription preferences.

The good news is that the impact of the data breach is considered low, as most of the breached information was already publicly known. However, this does not apply to hashed passwords and IP addresses, which were not public prior to the breach.

What should Joomla Resources Directory users do?

Joomla recommends that impacted JRD users change their passwords on the portal immediately. If the same password has been reused on other services, it should be changed there as well. This is a precautionary measure against credential stuffing attacks, in which attackers use cracked user passwords.

Following the incident, the Joomla team carried out a full security audit of the JRD portal.

“Even if we don’t have any evidence about data access, we highly recommend people who have an account on the Joomla Resources Directory and use the same password (or combination of email address and password) on other services to immediately change their password for security reasons,” Joomla’s advisory reads.

Joomla is considered a great alternative to WordPress. It is a fully customizable content management system used by millions of businesses, organizations, and individuals all over the world. It has over 2 million downloads.

Researched and written by:
HowToHosting Editors