Security News OWASP discloses data breach caused by wiki misconfiguration

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,611
Content source
https://www.bleepingcomputer.com/news/security/owasp-discloses-data-breach-caused-by-wiki-misconfiguration/
The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server.

Short for Open Worldwide Application Security Project, OWASP is a nonprofit foundation launched in December 2001 and focuses on software security.

It now has tens of thousands of members and more than 250 chapters that organize educational and training conferences worldwide.

OWASP says it discovered the Media Wiki misconfiguration in late February following several support requests. The incident impacted only members between 2006 and 2014 who provided resumes when joining the foundation as part of the old membership process.

"The resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information," said OWASP Executive Director Andrew van der Stock.

"OWASP collected resumes as part of the early membership process, whereby members were required in the 2006 to 2014 era to show a connection to the OWASP community. OWASP no longer collects resumes as part of the membership process."

The foundation will email affected individuals to notify them of the incident even though many of them are no longer members and the exposed personal details are, in many cases, out of date.
Click to expand...
www.bleepingcomputer.com

OWASP discloses data breach caused by wiki misconfiguration

The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Trident, harlan4096 and vtqhtr413
Practical Response

Practical Response

Level 8
Mar 10, 2024
359
That's really messed up and certainly not leading by example. 8 years worth of "sign up" with full details leaked. The nonchalant attitude of we don't require that info now and assuming that "in many cases" some of the information is outdated is even worse.

It does however support two things I have been pushing lately about what we divulge and how misconfiguration leads to vulnerability.
 
  • Like
Reactions: Gandalf_The_Grey

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News Mint Mobile discloses new data breach exposing customer data
Replies
0
Views
985
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
    • +Reputation
    • Sad
Security News American Express credit cards exposed in third-party data breach
Replies
1
Views
1,151
Security News
Dave Russo
Dave Russo
Gandalf_The_Grey
    • Wow
    • Sad
Security News US cancer center data breach exposes info of 827,000 patients
Replies
0
Views
1,171
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top