Last week, the team behind the Joomla open source content management system announced a security breach.

The incident occurred after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site on an Amazon Web Services S3 bucket owned by their own company.

The Joomla team said the backup file was not encrypted and contained details for almost 2,700 users who registered and created profiles on the JRD website.

Joomla admins said they are still investigating the incident. It is currently unclear whether anyone found and downloaded the data from the third-party company’s S3 server.

Data that could have been exposed if someone found and downloaded the backup includes full name; business address; business email address; business phone number; company URL; nature of business; hashed password; IP address; and newsletter subscription preferences.

The severity of this breach is thought to be low, as most of this data was already public, but hashed passwords and IP addresses were not intended to be public.

The Joomla team is now recommending that all JRD users change their password on the JRD portal and on any other websites where they reused it. The team added that once it learned of the inadvertent leak of the JRD site backup, it also conducted a full security audit of the JRD portal.

“The audit also highlighted the presence of Super User accounts owned by individuals outside Open Source Matters,” the Joomla team said in a breach disclosure published last Thursday.

Joomla, a content management system (CMS), is used to build and manage self-hosted websites, and is currently the third-most used CMS on the internet.

 
