Security News > 2020 > June > Data From Joomla Resources Directory Exposed via Unprotected AWS Bucket
An unprotected Amazon Web Services S3 bucket exposed the details of 2,700 users who signed up for the Joomla Resources Directory, Joomla's Incident Response Task Group reported last week.
An internal website audit revealed that a third-party company owned by a former leader of the Joomla Resource Directory team - they are still a member of the JRD team - stored full JRD backups in an AWS S3 bucket.
The bucket was unprotected and the backups were not encrypted, potentially exposing the data to unauthorized third parties.
The JRD helps users find developers and service providers specializing in Joomla so most of the exposed data was public - users submitted it knowing that it would be made available in a public directory.
"Even if we don't have any evidence about data access, we highly recommend people who have an account on the Joomla Resources Directory and use the same password on other services to immediately change their password for security reasons," the Joomla Incident Response Task Group wrote in a security incident report.