OWASP Reveals Alarming Data Breach Due to Wiki Misconfiguration Blunder

OWASP Foundation has disclosed a data breach affecting its users due to a wiki misconfiguration. The breach exposed users’ email addresses, password hashes, and API credentials; affected users have been urged to change their passwords and revoke their API keys.

A Recent Data Breach at OWASP Foundation

The OWASP Foundation, short for Open Worldwide Application Security Project, recently disclosed a data breach. Some members’ resumes were exposed online due to a misconfiguration of its old wiki web server. Launched in December 2001, OWASP is a nonprofit foundation focused on software security. With tens of thousands of members and over 250 chapters, it organizes educational and training conferences worldwide.

How Was the Breach Discovered?

OWASP discovered the MediaWiki misconfiguration in late February after receiving several support requests. The incident affected members who joined the foundation between 2006 and 2014 and provided resumes as part of the old membership process.

“The resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information,” said OWASP Executive Director Andrew van der Stock. He also mentioned that OWASP collected resumes during the 2006 to 2014 era to show a connection to the community but no longer does so as part of the membership process.

Notifying Affected Individuals and Addressing the Breach

OWASP plans to email affected individuals to notify them of the incident, even if they are no longer members or their exposed personal details are out of date. In response to the data breach, the foundation has taken several measures:

  • Disabling directory browsing
  • Reviewing the web server and MediaWiki configuration for other security issues
  • Removing all resumes from the wiki site
  • Purging the Cloudflare cache
  • Reaching out to the Web Archive to request the removal of exposed resume information
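The first two measures in that list can be turned into a routine check. The script below is an added example, not code from OWASP or from this post: it fetches the directories a MediaWiki install serves uploads from (the images/ default and the path list are my assumptions) and reports any that still return an auto-generated directory listing, together with the resume-like document files that listing exposes; the sample index page and file names are constructed.

```python
"""Check a web server for exposed directory listings (constructed example)."""
import re
from html.parser import HTMLParser
from urllib.request import Request, urlopen

SENSITIVE_EXT = {".pdf", ".doc", ".docx", ".rtf", ".odt", ".txt", ".csv"}  # resume-like files

class _LinkCollector(HTMLParser):
    """Collects href values from <a> tags in an index page."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

def is_directory_listing(body: str) -> bool:
    """Apache/nginx auto-index pages carry an 'Index of /path' title or heading
    plus a parent link; requiring both avoids flagging ordinary 'Index of' pages."""
    heading = re.search(r"<(title|h1)>\s*Index of /", body, re.I)
    parent = re.search(r">\s*(Parent Directory|\.\./)\s*</a>", body, re.I)
    return heading is not None and parent is not None

def listed_sensitive_files(body: str) -> list:
    """Names of listed files whose extension suggests a personal document."""
    parser = _LinkCollector()
    parser.feed(body)
    names = [href.rsplit("/", 1)[-1] for href in parser.links]
    return [n for n in names if "." in n and "." + n.rsplit(".", 1)[-1].lower() in SENSITIVE_EXT]

def audit(base_url: str, paths=("images/", "images/archive/")) -> dict:
    """Fetch each path under base_url (MediaWiki keeps uploads under images/ by
    default; the path list is an assumption) and report any listings found."""
    findings = {}
    for path in paths:
        url = base_url.rstrip("/") + "/" + path
        try:
            with urlopen(Request(url, headers={"User-Agent": "dir-audit"}), timeout=10) as resp:
                body = resp.read().decode("utf-8", "replace")
        except Exception as exc:  # unreachable host, 403/404, TLS errors, ...
            findings[url] = f"error: {exc}"
            continue
        if is_directory_listing(body):
            findings[url] = listed_sensitive_files(body)
    return findings

# Constructed sample of an Apache auto-index for an upload directory.
APACHE_SAMPLE = """<html><head><title>Index of /images/resumes</title></head><body><h1>Index of /images/resumes</h1>
<pre><a href="/images/">Parent Directory</a> <a href="jane_doe_resume.pdf">jane_doe_resume.pdf</a>
<a href="logo.png">logo.png</a> <a href="john_smith_cv.docx">john_smith_cv.docx</a></pre></body></html>"""
```

Run audit("https://wiki.example.org") against a server you administer: a path mapped to a list of file names means that directory is still browsable, while an empty result means no listing was found at the checked paths.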

How to Protect Your Information

According to van der Stock, “OWASP has already removed your information from the Internet, so no immediate action on your part is required. Nothing needs to be done if the information at risk is outdated.” However, if your information is still current, such as your mobile phone number, take precautions when answering unsolicited emails, mail, or phone calls.

Stay Informed and Keep Learning

As cybersecurity experts, we at IT Services encourage you to stay informed about potential threats and breaches. We’re here to help you navigate the ever-changing landscape of cybersecurity and protect your valuable information. Don’t hesitate to contact us to learn more about safeguarding your digital assets, and be sure to keep coming back for the latest updates and insights.
