Joomla security breach exposes unencrypted personal data stored on S3 bucket

-Full name
-Business address
-Business email address
-Business phone number
-Company URL
-Nature of business
-Encrypted password (hashed)
-IP address
-Newsletter subscription preferences

· · Web · 2 · 7 · 8

@okpierre Do you have any additional details, like an announcement, blogpost of CVE?

@berkes they published a blog post on it in the community portal



What is unclear to me: were those S3 buckets public readable?

Unencrypted backups on a third party are bad in itself, but probably not a security incident.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!