Joomla security breach exposes unencrypted personal data stored on S3 bucket
-Business email address
-Business phone number
-Nature of business
-Encrypted password (hashed)
-Newsletter subscription preferences
And no one was surprised
@okpierre Do you have any additional details, like an announcement, blogpost of CVE?
@berkes they published a blog post on it in the community portal
What is unclear to me: were those S3 buckets public readable?
Unencrypted backups on a third party are bad in itself, but probably not a security incident.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!