Identity, Vulnerability Management, Privacy

Misconfigured server leaks OWASP Foundation data

A detailed view of a server rack, intricate network of cables ensuring internet connection

Security Affairs reports that the Open Web Application Security Project Foundation had data from its earliest members exposed as a result of an old Wiki web server misconfiguration.

Only individuals who submitted their resumes to join OWASP between 2006 and 2014 had their personally identifiable information compromised, according to the foundation, which noted that resume submission has no longer been required in its membership process.

Such an incident has prompted OWASP to conduct directory browsing deactivation, immediate web server and Media Wiki configuration issue remediation, and CloudFlare cache clearing, as well as seek the erasure of exposed data from the Web Archive.

Despite the outdated nature of the leaked information, OWASP has committed to inform former members whose data may have been impacted. Individuals still using the phone numbers they listed on the old resumes have also been urged to be mindful of potential phone call, email, and mail scams.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.