Responsible for infringement is a member of the Joomla Resources Directory (JRD) team that left ecrowned a complete copy security of the JRD site (Resources.joomla.org) in one Amazon Web Services S3 bucket owned by the company.
According to Joomla's team, the backup was not encrypted and contained data for about 2.700 users who had registered and created a profile on the JRD site (a portal where professionals advertise their skills on Joomla).
In case someone found the copy security, had access to the following data:
- Full name
- Business address
- Business email address
- Business phone number
- Company URL
- Nature of business
- Encrypted password
- IP address
The incident is not considered serious, as well most of this information was already public. The JRD portal serves as a list for Joomla professionals. However, the hashed passwords and IP addresses were not intended to be public.
Joomla's team recommends that all JRD users change their password on the JRD portal, but also in others sites and applications that may have used the same codes. If someone has found the data, they can use it to obtain it access and other accounts.
The Joomla team said that as soon as they learned about this backup leak, they conducted a full security check on the JRD portal.
Joomla is very popular system Content Management (CMS), an online application used to create and manage self-hosted websites. Right now, she's taking over third place in the list of CMS most used on the Internet.