Joomla, one of the most popular open-source content management systems (CMS), last week announced a new data breach affecting 2,700 users who hold an account on its Joomla Resources Directory (JRD) website, resources.joomla.org.
The breach exposed affected users’ personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords.
Joomla said the incident came to light during an internal website audit, which revealed that a member of the Joomla Resources Directory (JRD) team had stored a full, unencrypted backup of the JRD website in an Amazon Web Services S3 bucket owned by a third-party company.
The affected JRD portal lists developers and service providers specialized in Joomla, allowing registered users to extend their CMS with additional functionalities.
Joomla said the investigation is still ongoing and that access to the website has been temporarily suspended. It has also contacted the third party concerned to have the data deleted. It is not clear whether anyone found the unencrypted backup and accessed the information.
The details that could potentially have been accessed by an unauthorized third party are as follows:
- Full names
- Business addresses
- Business email addresses
- Business phone numbers
- Company URLs
- Nature of business
- Encrypted passwords (hashed)
- IP addresses
- Newsletter subscription preferences
The impact of the breach is said to be low, given that most of the information is already in the public domain.
In addition to mandating a password reset for all impacted accounts, Joomla recommends that affected users also change the password on any other site where they reused it, to prevent credential stuffing attacks.
As a consequence of the audit, Joomla has removed all users who have not logged in before January 1st, 2019, as well as several unused groups. Furthermore, it has enabled two-factor authentication and rolled out security fixes on its platform.
“Even if we don’t have any evidence about data access, we highly recommend people who have an account on the Joomla Resources Directory and use the same password (or combination of an email address and password) on other services to immediately change their password for security reasons,” Joomla said in the advisory.
The information in this article is gathered from The Hacker News.