Joomla security breach exposes unencrypted personal data stored on S3 bucket

-Full name
-Business address
-Business email address
-Business phone number
-Company URL
-Nature of business
-Encrypted password (hashed)
-IP address
-Newsletter subscription preferences

@okpierre Do you have any additional details, like an announcement, blog post or CVE?

@berkes they published a blog post on it in the community portal

@okpierre

FWIW: community.joomla.org/blogs/com

What is unclear to me: were those S3 buckets public readable?

Unencrypted backups on a third party are bad in themselves, but probably not a security incident.

@okpierre

Crazy, I didn't hear about #joomla for years. For me the name joomla sounds like 2010.
