Security News OWASP discloses data breach caused by wiki misconfiguration

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,256
Content source
https://www.bleepingcomputer.com/news/security/owasp-discloses-data-breach-caused-by-wiki-misconfiguration/
The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server.

Short for Open Worldwide Application Security Project, OWASP is a nonprofit foundation launched in December 2001 and focuses on software security.

It now has tens of thousands of members and more than 250 chapters that organize educational and training conferences worldwide.

OWASP says it discovered the Media Wiki misconfiguration in late February following several support requests. The incident impacted only members between 2006 and 2014 who provided resumes when joining the foundation as part of the old membership process.

"The resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information," said OWASP Executive Director Andrew van der Stock.

"OWASP collected resumes as part of the early membership process, whereby members were required in the 2006 to 2014 era to show a connection to the OWASP community. OWASP no longer collects resumes as part of the membership process."

The foundation will email affected individuals to notify them of the incident even though many of them are no longer members and the exposed personal details are, in many cases, out of date.
Click to expand...
www.bleepingcomputer.com

OWASP discloses data breach caused by wiki misconfiguration

The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Trident, harlan4096 and vtqhtr413
F

ForgottenSeer 109138

That's really messed up and certainly not leading by example. 8 years worth of "sign up" with full details leaked. The nonchalant attitude of we don't require that info now and assuming that "in many cases" some of the information is outdated is even worse.

It does however support two things I have been pushing lately about what we divulge and how misconfiguration leads to vulnerability.
 
  • Like
Reactions: Gandalf_The_Grey

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
Security News Car rental giant Avis discloses data breach impacting customers
Replies
0
Views
1,572
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Internet Archive hacked, data breach impacts 31 million users
Replies
1
Views
2,457
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
    • Like
Security News Business services giant CBIZ discloses customer data breach
Replies
1
Views
1,776
Security News
cartaphilus
cartaphilus

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top