top of page

Oops? 2,700 Joomla! Users Hit By Data Breach

Published: August 23, 2020 on our newsletter Security Fraud News & Alerts Newsletter.

If you have a Joomla account for your business, log-in and change your password. Not long ago, Joomla, a top content management system (CMS), found itself where no one wants to be–in the middle of a security breach. A Security Incident Notification posted on the Joomla website announced 2,700 users of their CMS were affected, specifically those who registered accounts with profiles on the Joomla Resource Directory (JRD) portal. The JRD is home to developers and service providers who specialize in Joomla website creations. According to the company, the breached data exposed full names, encrypted passwords, email and business addresses, phone numbers, IP addresses, and other confidential data.

Joomla representatives said the breach was discovered as the result of an internal website audit. The company claims the breach happened after a JRD team member left an unencrypted backup of the portal on a third-party AWS S3 bucket. At this time, Joomla says it’s unclear if anyone has come across the data and downloaded it. Joomla acted to mitigate the threat by disabling all user accounts not logged into after January 1, 2019.

Joomla’s entirely free CMS has been downloaded nearly 100 million times since its release in 2005, and active sites are currently at the 2.5 million mark. While Joomla continues to explore the breach, they maintain sensitive data like social security numbers were not stored on the database, making the risk of client identity theft at minimal. The company does say, at this point, they believe those affected by the breach are at risk the data will be used for marketing and advertising purposes without user consent.

Aside from taking their own security precautions after the breach, the company suggests its users take immediate action on their Joomla accounts to help minimize damage. Their key recommendation is that users change their password without delay. Just as important, they say if the same password is also used on other accounts, to change those immediately as well. Be sure to change it to a strong password that contains at least eight characters and includes numbers and special characters. The harder it is to guess, the better.

Joomla warns another reason to act quickly is over fear of credential stuffing attacks. Credential stuffing happens when a hacked password, like those stolen in the Joomla breach, is also used for other accounts a customer may have. When a hacker gets a password, they can try to “stuff” it into other accounts the victim has, hoping for a hit. If there’s any duplication, accounts using the same password can be hacked as well. For now, Joomla asks those affected by the breach to use strong and unique passwords for each account and make sure they are unique to Joomla; something cybersecurity professionals have long suggested to bolster account safety.

Want to schedule a conversation? Please email us at

8 views0 comments


bottom of page