Virtual Event Today: Ransomware Resilience & Recovery Summit - Login to Live Event
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

OWASP Data Breach Caused by Server Misconfiguration

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.

OWASP data breach

The Open Worldwide Application Security Project (OWASP) Foundation on Friday announced that the personal information provided by aspiring members over a decade ago was exposed in a data breach.

With tens of thousands of members, the OWASP Foundation is an online community that seeks to improve software security through open source projects and freely available articles, documentation, technologies, and tools for IoT, software, and web applications.

On March 29, OWASP revealed that a misconfiguration on its old wiki server resulted in the exposure of information provided in resumes that aspiring members were required to submit over a decade ago.

OWASP was launched in September 2001 and, as part of its early membership process, members were required to show a connection to the community. It collected resumes between 2006 and 2014.

“If you were an OWASP member from 2006 to around 2014 and provided your resume as part of joining OWASP, we advise assuming your resume was part of this breach,” the foundation says.

The exposed information, OWASP says, includes names, addresses, phone numbers, email addresses, and other personally identifiable information.

After identifying the misconfiguration in February 2024, the organization reviewed the wiki configuration for other security weaknesses, completely removed the resumes from the site, disabled directory browsing, purged the Cloudflare cache, and requested for the data to be removed from the Web Archive.

OWASP says it is in the process of notifying the impacted individuals via the email addresses identified during its investigation into the incident.

Advertisement. Scroll to continue reading.

“We are bringing this issue to the broader public’s attention with abundant caution. As many of the individuals affected by this breach are no longer with OWASP and the age of the data is between ten and 18 years old, a great deal of the personal details included in this breach are significantly out of date, making contact difficult,” the foundation says.

While the impacted individuals do not need to take immediate action to secure their information, since OWASP has already removed it from the internet, taking the usual precautions is necessary if the exposed information is current.

Related: Massachusetts Health Insurer Data Breach Impacts 2.8 Million

Related: Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens

Related: American Express Notifies Customers of Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

More People On The Move

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.