The Joomla Team Announced a Security Breach Caused by an Unencrypted Backup

The developers running Joomla, an open-source project and one of the most popular content management systems in the world, reported a data breach last week. A now-former member of the team had uploaded a backup of the entire Joomla Resources Directory website to an unprotected Amazon Web Services (AWS) S3 bucket. Included in the backup were the details of about 2,700 registered users. The Joomla team decided not to sweep the breach under the carpet, and the incident was described in a rather detailed notification. Some might think that this is a strange decision.

Most of the exposed data was publicly accessible anyway

Most of the affected accounts are owned by developers who use the website to advertise their skills and services. The exposed details included names, email addresses, physical addresses, phone numbers, company websites, newsletter subscription preferences, IP addresses, and hashed passwords. Everything apart from the passwords was in plaintext, and the entire backup was not encrypted.

This is not a very good thing, but it must be said that the affected users don't have that much to worry about. Most of the information was publicly accessible anyway, so although there is no information on whether or not anyone actually accessed the exposed backup, the potential impact of this particular data breach is rather low.

The poor backup handling is not a good look

Despite the relatively low severity of the breach, the Joomla team appears to be taking the incident seriously. And so they should.

As ZDNet pointed out, up until very recently Joomla was the second most popular content management system in the world, and although it's nowhere near as big as WordPress, the number of websites based on it sits at well over 2 million. The responsibility resting on the people who run the project is pretty huge, and allowing unencrypted backups to leak like that is simply not acceptable.

Luckily, the breach was followed by a security audit, and the team assures us that a number of changes to the policies and procedures have been implemented. It's definitely a better-late-than-never situation, and we're hoping that the developers of other projects of this size will learn from Joomla's mistakes and will take the necessary precautions before any data is exposed.

June 1, 2020