OWASP breach exposes decade of resumes due to misconfigured server

April 2, 2024 at 02:40PM

A misconfigured MediaWiki web server led to a data breach at the Open Web Application Security Project (OWASP) Foundation. Resumes of members from 2006 to around 2014, which contained personal details, were accessed. OWASP is advising caution because the breached data could be used for identity fraud and phishing attempts. Measures have been taken to prevent future breaches.

The breach involved access to resumes and personal details of OWASP members, including names, email addresses, phone numbers, physical addresses, and other personally identifiable information. OWASP became aware of the breach in late February and has advised members who joined between 2006 and around 2014 to assume their resumes were part of the breach. Although the resumes are mostly a decade old, OWASP acknowledges the significance of the breach and the potential risks of identity fraud and phishing attempts. The foundation has taken steps to prevent future breaches, such as disabling directory browsing, implementing two-factor authentication, and removing all resumes from the site. It has also purged Cloudflare caches and requested the removal of accessed data from web archives. Additionally, OWASP is attempting to notify affected individuals via email, although the age of the resumes has made this more challenging.
