The OWASP Foundation has recently made public a data breach incident where the resumes of certain members were inadvertently made accessible online due to a misconfiguration of its previous Wiki web server.
OWASP, which stands for Open Worldwide Application Security Project, is a nonprofit organization established in December 2001 with a focus on enhancing software security.
Over the years, it has garnered a large membership base, boasting tens of thousands of members and over 250 chapters worldwide, which organize various educational and training events. The breach was identified by OWASP in late February subsequent to numerous support requests.
The breach primarily impacted individuals who became members of the foundation between 2006 and 2014 and had submitted resumes as part of the membership process during that period.
Andrew van der Stock, the Executive Director of OWASP, disclosed that the exposed resumes contained sensitive personal information such as names, email addresses, phone numbers, and physical addresses. He clarified that during the mentioned period, OWASP used to collect resumes as a requirement for membership, aiming to establish a connection with the OWASP community. However, the organization no longer follows this practice.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: