Administrators of the open source Joomla content management system announced a data incident that potentially compromised the information of 2,700 developers.
A database containing the personal data of users of Joomla Resources Directory website was discovered on an unprotected Amazon Web Services bucket following an internal audit. Leaked information included names, addresses, email addresses, phone numbers, encrypted passwords, and IP addresses.
“Data that would be typically used for the purposes of identity theft or fraud such as driver’s license numbers, Social Security numbers, mother’s maiden name was not included in the database,” stated the breach announcement on Joomla’s website, nothing that while “no formal notification was required… in the spirit of full transparency we have issued this statement and made all those who potentially might have been affected aware.”
Joomla administrators announced that they had removed all accounts that had been inactive since before 2019, and enabled multi-factor authentication for users on the site.