Heads up, OWASP members! A data breach might have exposed your information online, particularly if you joined the OWASP community in its early phase. OWASP recently disclosed a data breach affecting its old members while assuring it didn’t impact the new members.
OWASP Admitted Data Breach
The OWASP Foundation recently disclosed a data breach due to a misconfigured Wiki web server.
As elaborated in its advisory, the data breach affected some of its old members who joined the Foundation from 2006 to 2014. At that time, OWASP asked members to provide their resumes to show a connection to the OWASP Community. Although this was merely a step in the early membership process, which OWASP no longer follows, the information has now been breached. Consequently, this security breach has affected those old OWASP members, leaving the newly registered ones unaffected.
Regarding the information breached in this incident, OWASP stated that it includes the data mentioned in the resumes. That means the details exposed include personally identifiable information (PII), such as users’ names, contact numbers, email addresses, and physical addresses.
Members After 2014 Protected – Confirms OWASP
OWASP explained that the breach affected old members, many of whom are no longer with OWASP. Besides, the incident happened roughly 10 years ago, so the breached data, including the email addresses, may have changed since then. Yet, OWASP would still contact the available email addresses to inform the impacted users.
In addition, OWASP removed the breached information from the internet. Nonetheless, it still advised members whose resume details have not changed to exercise caution with unsolicited phone calls, emails, and messages.
Today, OWASP applies contemporary cloud-based security measures to protect users. This includes implementing two-factor authentication, limited access, minimal data collection, and strict membership data protection. Hence, users joining OWASP after 2014 and those who have updated their details may rest assured about their data security.