Data Breaches

OWASP Data Breach Caused by Server Misconfiguration

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.

OWASP data breach

The Open Worldwide Application Security Project (OWASP) Foundation on Friday announced that the personal information provided by aspiring members over a decade ago was exposed in a data breach.

With tens of thousands of members, the OWASP Foundation is an online community that seeks to improve software security through open source projects and freely available articles, documentation, technologies, and tools for IoT, software, and web applications.

On March 29, OWASP revealed that a misconfiguration on its old wiki server resulted in the exposure of information provided in resumes that aspiring members were required to submit over a decade ago.

OWASP was launched in September 2001 and, as part of its early membership process, members were required to show a connection to the community. It collected resumes between 2006 and 2014.

“If you were an OWASP member from 2006 to around 2014 and provided your resume as part of joining OWASP, we advise assuming your resume was part of this breach,” the foundation says.

The exposed information, OWASP says, includes names, addresses, phone numbers, email addresses, and other personally identifiable information.

After identifying the misconfiguration in February 2024, the organization reviewed the wiki configuration for other security weaknesses, completely removed the resumes from the site, disabled directory browsing, purged the Cloudflare cache, and requested for the data to be removed from the Web Archive.

OWASP says it is in the process of notifying the impacted individuals via the email addresses identified during its investigation into the incident.

Advertisement. Scroll to continue reading.

“We are bringing this issue to the broader public’s attention with abundant caution. As many of the individuals affected by this breach are no longer with OWASP and the age of the data is between ten and 18 years old, a great deal of the personal details included in this breach are significantly out of date, making contact difficult,” the foundation says.

While the impacted individuals do not need to take immediate action to secure their information, since OWASP has already removed it from the internet, taking the usual precautions is necessary if the exposed information is current.

Related: Massachusetts Health Insurer Data Breach Impacts 2.8 Million

Related: Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens

Related: American Express Notifies Customers of Data Breach

Related Content

Data Breaches

The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics...

Data Breaches

The recent AT&T data breach impacts 51 million customers, the company tells Maine's attorney general.

Data Breaches

The personal information of 500,000 people was compromised in a data breach at Group Health Cooperative of South Central Wisconsin.

Data Breaches

Veterinary services provider CVS Group is restoring systems after a cyberattack disrupted its UK operations.

Data Breaches

Economic analysis and litigation support firm GMA says personal and medical information was stolen in a May 2023 data breach.

Data Breaches

City of Hope is notifying 800,000 individuals of a data breach impacting their personal and health information.

Data Breaches

Data breach impacting users’ personal information prompts survey rewards platform SurveyLama to reset passwords.

Data Breaches

Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version