A vulnerable Amazon Web Services S3 bucket has recently exposed the various data from the Joomla Resources Directory (JRD). According to Joomla’s Incident Response Task Group, this data breach has uncovered personal details of around 2,700 users who had signed up for JRD. It contained information, including names, contact numbers, business addresses, emails, hashed passwords, etc.
A website audit revealed that a former leader of the JRD team stacked the backups data in an AWS S3 bucket. While the S3 bucket was unprotected, and the data were not encrypted – possibly exposing the data to some unauthorized third-party companies.