The Open Worldwide Application Security Project (OWASP) suffered a data breach in late February 2024 resulting in the exposure of sensitive data belonging to some of its members.
In an announcement published on the OWASP website, Executive Director Andrew van der Stock confirmed the breach and explained that it happened due to a misconfiguration of an old OWASP Wiki web server.
As a result, an unnamed threat actor gained access to resumes belonging to open source fans who joined between 2006 and 2014.
Notifying affected members
“OWASP collected resumes as part of the early membership process, whereby members were required in the 2006 to 2014 era to show a connection to the OWASP community,” van der Stock explained. “OWASP no longer collects resumes as part of the membership…
Source link
