OWASP Data Leak

The OWASP Foundation identified a data breach on its old Wiki web server towards the end of February 2024, after receiving support requests. This breach exposed member resumes more than a decade old.

Those affected are OWASP members from between 2006 and approximately 2014 and who provided their resumes as part of their membership, including names, email addresses, phone numbers and physical addresses.

The data was collected as part of the early membership process to demonstrate connection to the OWASP community between 2006 and 2014. OWASP no longer collects resumes as part of that process.

OWASP has taken steps such as disabling directory browsing, reviewing web server and MediaWiki settings, removing the resumes from the wiki site, clearing the CloudFlare cache, and requesting removal of the information from the Web Archive.