A misconfigured MediaWiki web server allowed digital snoopers to access members' resumes that contained their personal information at the Open Web Application Security Project (OWASP) Foundation.
owasp bwa bricks login page hack 3
According to the nonprofit, which works to improve web app security, it became aware of the misconfiguration and subsequent data breach in late February after receiving "a few" reporting requests.
"If you were an OWASP member from 2006 to around 2014 and submitted your CV as part of joining OWASP, we advise you to assume that your CV was part of this offence," OWASP said in a Good Friday notice posted on its website.
"We recognize the significance of this breach, particularly given the OWASP Foundation's emphasis on cybersecurity," it added.