Joomla is a popular and free open-source content management system that is used for the publication of web content. A few days ago, the team of Joomla mentioned the CMS data breach.
This happens as usually happened with BHIM payment, when the member of the team left an unencrypted backup of the JRD website on an unsecured Amazon Web Service S3 bucket.
The company mentioned that around or more than 2,700 used data have been accessed, also affecting the joomla.org website.
Impact On Joomla
The best part is that the company said it was confirmed that no financial or sensitive data that has been exposed in the breach. The Internal team of Joomla is tracing the footprints and finding the attacker footmarks for the incident.
There is some list which the backup consists of :
- Full Name
- Business Address
- Company URL
- Nature of the Business
- IP address
- Business Email Address
- Business Phone Number
- Encrypted credentials(Hashed)
- Newsletter subscription preferences
The Company Statement came “ The Most of data was public since users submitted their data with the intention of being part in a public directory. Private data was also included in the breach”
The Audit also specifies that there is a superuser account through which these attacks did but they removed and disable the superuser accounts.
The company also mentioned that there is no authority to the third-party for the access of the database and even though it prompts for reset passwords immediately if the same password is used for unauthorized logins.
The lastly mentioned the apologies for the issues and committed to providing the best security infrastructure for the community.
The Joomla team takes over the data breach and also convenience their user not to worry about the attack and we will figure out for the best data protection system which helps in the future to protect the user data.
