A vulnerable Amazon Web Services S3 bucket has recently exposed the various data from the Joomla Resources Directory (JRD). As per Joomla’s Incident Response Task Group, this breach has uncovered personal details of around 2,700 users who had signed up for JRD. It contained information, including names, contact numbers, business addresses, emails, hashed passwords, etc.
A website audit revealed that a former leader of the JRD team stacked the backups data in an AWS S3 bucket. However, the S3 bucket was unprotected, and the data were not encrypted – possibly exposing the data to some unauthorized third party companies.
Source: Data From Joomla Resources Directory Exposed via Unprotected AWS Bucket