Joomla security breach exposes unencrypted personal data stored on S3 bucket

-Full name
-Business address
-Business email address
-Business phone number
-Company URL
-Nature of business
-Encrypted password (hashed)
-IP address
-Newsletter subscription preferences

#joomla #cms #opensource #software #foss #php #security

@okpierre Do you have any additional details, like an announcement, blogpost or CVE?

@berkes they published a blog post on it in the community portal

@okpierre

FWIW: community.joomla.org/blogs/com

What is unclear to me: were those S3 buckets publicly readable?

Unencrypted backups on a third party are bad in themselves, but probably not a security incident.
