The OWASP Foundation has disclosed a data breach after some members’ resumes were exposed online as a result of a misconfiguration of its old Wiki web server.
Short for Open Worldwide Application Security Project, OWASP is a nonprofit foundation that launched in December 2001 and focuses on software security.
It now has tens of thousands of members and more than 250 chapters that organize educational and training conferences worldwide.
OWASP says it found the Media Wiki misconfiguration in late February following a number of support requests.
The incident only affected members who joined the foundation between 2006 and 2014 and provided resumes as part of the old membership process.
“The resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information,” said OWASP Executive Director Andrew van der Stock.
“OWASP collected resumes as part of the early membership process, whereby members were required in the 2006 to 2014 period to show a connection to the OWASP community. OWASP no longer collects resumes as part of the membership process.”
The foundation will email affected individuals to notify them of the incident even though many of them are no longer members and the exposed personal details are, in many cases, out of date.
OWASP also took a number of measures to address the data breach, disabling directory browsing and reviewing the web server and Media Wiki configuration for other security issues.
To prevent further access, they removed all resumes from the wiki site and purged the Cloudflare cache. Additionally, OWASP reached out to the Internet Archive and requested that the exposed resume information be removed.
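A check for the misconfiguration described above, as an added example that is not from OWASP or the original article: it classifies an HTTP response body from your own server as an auto-generated directory index and lists the document files it links to. The "Index of /" marker (the output of Apache mod_autoindex and nginx autoindex), the extension list, the function names and the sample bodies are assumptions; the article does not name the web server software or the file types involved.

```python
import re
from html.parser import HTMLParser

# Apache mod_autoindex and nginx autoindex both emit "Index of /path"
# in the <title> and <h1> of a generated listing (assumed server types).
INDEX_MARKER = re.compile(r"<(title|h1)>\s*Index of /", re.I)
# Assumed extensions for resume-like documents.
DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".rtf", ".odt")

# Constructed sample bodies, not real server output.
SAMPLE_LISTING = """<html><head><title>Index of /uploads</title></head><body>
<h1>Index of /uploads</h1><pre>
<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a>
<a href="member-0001.pdf">member-0001.pdf</a>
<a href="member-0002.DOC">member-0002.DOC</a>
<a href="logo.png">logo.png</a>
</pre></body></html>"""
SAMPLE_WIKI_PAGE = ("<html><head><title>Main Page - Wiki</title></head>"
                    "<body><h1>Main Page</h1></body></html>")


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def audit_listing(body):
    """Return (is_listing, document_links) for one HTTP response body."""
    if not INDEX_MARKER.search(body):
        return False, []
    collector = LinkCollector()
    collector.feed(body)
    # Drop any query string (e.g. column-sort links) before checking the extension.
    docs = [h for h in collector.hrefs
            if h.split("?")[0].lower().endswith(DOC_EXTENSIONS)]
    return True, docs


if __name__ == "__main__":
    for name, body in (("listing", SAMPLE_LISTING), ("wiki", SAMPLE_WIKI_PAGE)):
        print(name, audit_listing(body))
```

A listing that returns document links indicates both problems the remediation addressed: directory browsing is enabled, and personal files are stored under a web-served path.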
“OWASP has already removed your information from the Web, so no immediate action on your part is required. Nothing needs to be done if the information at risk is outdated,” van der Stock added.
“However, if the information is current, such as containing your cell phone number, please take the usual precautions when answering unsolicited emails, mail, or phone calls.”