Security News OWASP discloses data breach caused by wiki misconfiguration

Gandalf_The_Grey

Level 79
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,844
The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server.

Short for Open Worldwide Application Security Project, OWASP is a nonprofit foundation launched in December 2001 and focuses on software security.

It now has tens of thousands of members and more than 250 chapters that organize educational and training conferences worldwide.

OWASP says it discovered the Media Wiki misconfiguration in late February following several support requests. The incident impacted only members between 2006 and 2014 who provided resumes when joining the foundation as part of the old membership process.

"The resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information," said OWASP Executive Director Andrew van der Stock.

"OWASP collected resumes as part of the early membership process, whereby members were required in the 2006 to 2014 era to show a connection to the OWASP community. OWASP no longer collects resumes as part of the membership process."

The foundation will email affected individuals to notify them of the incident even though many of them are no longer members and the exposed personal details are, in many cases, out of date.
 
F

ForgottenSeer 109138

That's really messed up and certainly not leading by example. 8 years worth of "sign up" with full details leaked. The nonchalant attitude of we don't require that info now and assuming that "in many cases" some of the information is outdated is even worse.

It does however support two things I have been pushing lately about what we divulge and how misconfiguration leads to vulnerability.
 
  • Like
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top