
The OWASP (Open Web Application Security Project) Foundation disclosed on March 29, 2024 that it suffered a data breach, caused by a misconfiguration on its old Wiki server.
“OWASP collected resumes as part of the early membership process, whereby members were required in the 2006 to 2014 era to show a connection to the OWASP community. OWASP no longer collects resumes as part of the membership process,” said the disclosure.
Exposed resumes contained names, email addresses, phone numbers, physical addresses, and “other personally identifiable information”.
In response to the data breach, the experts at the Foundation have disabled directory browsing, reviewed the web server and MediaWiki configuration for other security issues, removed the resumes from the wiki site altogether, and purged the Cloudflare cache to prevent further access. They also requested that the information be removed from the Web Archive.
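Two of those remediation steps, disabling directory browsing and purging the CDN cache, can be verified from the HTTP responses of a server you operate. The following is an added example, not code from OWASP or its disclosure; it assumes the listing markers emitted by Apache, nginx and IIS and Cloudflare's `CF-Cache-Status` response header, and the sample responses and the `/uploads` path are constructed.

```python
import re

# Body markers left by common auto-generated directory indexes (assumed set).
LISTING_MARKERS = [
    ("apache/nginx autoindex", re.compile(r"<title>\s*Index of /", re.I)),
    ("iis directory browsing", re.compile(r"\[To Parent Directory\]", re.I)),
]

def check_response(status, headers, body):
    """Return a list of findings for one HTTP response (empty list = clean)."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status != 200:
        return findings
    for name, pattern in LISTING_MARKERS:
        if pattern.search(body):
            findings.append(f"directory listing served ({name})")
            # A listing answered from the CDN cache means the origin fix
            # alone is not enough: the cached copy has to be purged too.
            if hdrs.get("cf-cache-status", "").upper() == "HIT":
                findings.append("listing came from CDN cache; purge required")
            break
    return findings

# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "before fix": (
        200, {"Content-Type": "text/html"},
        "<html><head><title>Index of /uploads</title></head></html>"),
    "origin fixed, cache stale": (
        200, {"CF-Cache-Status": "HIT"},
        "<title>Index of /uploads</title>"),
    "after fix and purge": (
        403, {"CF-Cache-Status": "MISS"},
        "<title>403 Forbidden</title>"),
}

def audit(samples):
    """Map each labelled response to its findings."""
    return {label: check_response(*resp) for label, resp in samples.items()}

if __name__ == "__main__":
    for label, findings in audit(SAMPLES).items():
        print(label, "->", findings or "clean")
```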
OWASP is a nonprofit organization focused on improving the security of IoT, system software and web applications. It provides free resources, tools, and documentation to help organizations develop, deploy, and maintain secure software applications. It has tens of thousands of members.