OWASP server blunder exposes decade of resumes

submitted by
Style Pass
2024-04-03 02:00:02

A misconfigured MediaWiki web server allowed digital snoops to access members' resumes containing their personal details at the Open Web Application Security Project (OWASP) Foundation.

According to the nonprofit, which works to improve web app security, it became aware of the misconfig and subsequent data breach in late February after receiving "a few" report requests.

"If you were an OWASP member from 2006 to around 2014 and provided your resume as part of joining OWASP, we advise assuming your resume was part of this breach," OWASP said in a Good Friday notification posted on its website.

"We recognize the significance of this breach, especially considering the OWASP Foundation's emphasis on cybersecurity," it added.

The resumes contained names, email addresses, phone numbers, physical addresses, "and other personally identifiable information," presumably people's places of employment, we're told. 

While the good news is that these resumes are at least a decade old in most cases, that's still a lot of individuals' details — OWASP boasts "tens of thousands of members" across more than 250 chapters worldwide.
