Expert Insight: Joomla Data Breach

According to ZDNet, Joomla, an open source content management system for publishing web content, has recently suffered a data breach. The breach occurred due to an unencrypted backup of the JRD portal on a private AWS S3 bucket. The leaked backup file contained details for about 2,700 registered users and included PII such as full names, addresses, email addresses, phone numbers, IP addresses and hashed passwords. While most of the information was already public, the loss of passwords, regardless of encryption level, is still incredibly risky and can lead to a rise in credential stuffing.


EXPERTS COMMENTS
Jake Moore, Cybersecurity Specialist, ESET
June 02, 2020
S3 is one of the oldest services in AWS, and the good news is that it always defaults to secure and private.
This is yet another Amazon S3 bucket incident, which proves again that site owners are clearly not aware of the scale of this vulnerability. Time after time there are incidents where data is lost or compromised – and, when the data is not even encrypted, we are seeing potentially catastrophic outcomes. S3 is one of the oldest services in AWS, and the good news is that it always defaults to sec ....
Paul Edon, Senior Director (EMEA), Tripwire
June 02, 2020
Joomla users should reset their credentials immediately.
This incident confirms the findings of the Verizon Data Breach Investigation Report 2020, which highlighted that “misconfiguration” is in the top five action varieties for breaches. It is an important acknowledgement that not all incidents are the result of an exploited vulnerability. Misconfigurations actually lead to more breaches than exploited systems, but organizations often don’t put t ....
Robert Ramsden Board, VP EMEA, Securonix
June 01, 2020
This includes backup files! Even if the majority of the information is in the public domain.
Unfortunately it seems as though businesses are not learning their lessons, and yet again leaky AWS S3 bucket security is the cause of a data breach. Enterprises must remember that their security is only as strong as their weakest link, and time and time again we are seeing AWS S3 bucket security appearing as that weakest link. It is important to remember that AWS S3 buckets have varying levels of ....