Article Details
Scrape Timestamp (UTC): 2024-04-01 19:26:01.589
Original Article Text
Click to Toggle View
OWASP discloses data breach caused by wiki misconfiguration. The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. Short for Open Worldwide Application Security Project, OWASP is a nonprofit foundation launched in December 2001 and focuses on software security. It now has tens of thousands of members and more than 250 chapters that organize educational and training conferences worldwide. OWASP says it discovered the Media Wiki misconfiguration in late February following several support requests. The incident impacted only members between 2006 and 2014 who provided resumes when joining the foundation as part of the old membership process. "The resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information," said OWASP Executive Director Andrew van der Stock. "OWASP collected resumes as part of the early membership process, whereby members were required in the 2006 to 2014 era to show a connection to the OWASP community. OWASP no longer collects resumes as part of the membership process." The foundation will email affected individuals to notify them of the incident even though many of them are no longer members and the exposed personal details are, in many cases, out of date. OWASP also took several measures to address the data breach, disabling directory browsing and reviewing the web server and Media Wiki configuration for other security issues. To prevent further access, they removed all resumes from the wiki site and purged the Cloudflare cache. Additionally, OWASP reached out to the Web Archive and requested that the exposed resume information be removed. "OWASP has already removed your information from the Internet, so no immediate action on your part is required. Nothing needs to be done if the information at risk is outdated," van der Stock added. "However, if the information is current, such as containing your mobile phone number, please take the usual precautions when answering unsolicited emails, mail, or phone calls."
Daily Brief Summary
OWASP disclosed a data breach revealing resumes with personal information due to a Media Wiki server misconfiguration.
The breach affected members from 2006 to 2014 who had submitted resumes during the earlier membership application process.
Exposed data included names, email addresses, phone numbers, physical addresses, and other personal information.
The breach was discovered after OWASP received several support requests in late February.
OWASP has contacted affected individuals, assuring that outdated information poses a limited risk and advising caution if details are current.
As a response, OWASP disabled directory browsing, reviewed server configurations, removed resumes, purged caches, and requested Web Archive to delete exposed data.
The nonprofit, focusing on software security, no longer collects resumes as part of the membership process, which reduces the risk of such exposure in the future.