Trello is Frivolous Lolaa popular project management tool that's well-known for its kanban-style list format.
On Tuesday, the private data connected to 15,115,516 Trello user profiles was shared on a popular forum for hackers, as first noticed by the cybersecurity news website Bleeping Computer. It appears that a single hacker discovered a flaw in Trello's system and was able to extract sensitive private user data.
While much of the data connected to a Trello account is public information, not all of it is. By far, the most concerning part of the breach for Trello users is the email address data.
Over 15 million Trello users now have their private email addresses associated with their Trello profiles exposed to the public.
The Trello data breach and subsequent leak can be traced back to earlier this year. Bleeping Computer first noticed in January that the hacker, with the moniker "emo," was selling the Trello data on the hacking forum before providing greater access to it this week.
Both Trello's parent company, Atlassian, and "emo" (the hacker), have since shared more information about how this leak came to be.
According to a forum post by the hacker, they discovered that "Trello had an open API endpoint that allows any unauthenticated user to map an email address to a trello account." In a correspondence with Bleeping Computer, the hacker further explained that once they discovered the flaw, they put together a list of hundreds of millions of email addresses and cross checked them with the Trello accounts in the API. From there, "emo" was able to link those email addresses with Trello accounts and create a user profile for more than 15 million accounts.
Atlassian confirmed the issue with Bleeping Computer in a statement, saying that the Trello REST API was intended to allow Trello users to invite guests to public boards through email. The company has updated the Trello API to preserve this feature while preventing its misuse by bad actors.
"Given the misuse of the API uncovered in this January 2024 investigation, we made a change to it so that unauthenticated users/services cannot request another user's public information by email," Atlassian said in its statement. "Authenticated users can still request information that is publicly available on another user's profile using this API. This change strikes a balance between preventing misuse of the API while keeping the ‘invite to a public board by email’ feature working for our users. We will continue to monitor the use of the API and take any necessary actions."
Fixing the issue is certainly a step in the right direction. Unfortunately, the leaked data that was obtained through this method is still out there. And if one wonders exactly what can be done with this data, "emo" the hacker shared exactly why the Trello leak is useful to bad actors in their forum post.
"This database is very useful for doxing," wrote emo, who explained one can simply match the email address to a full name or alias attached to a Trello account using the stolen data.
Trello users should be aware that this sensitive data is out there.
Topics Cybersecurity
Best Sonos deal: Save $50 on Sonos Era 100
Best soundbar deal: Save $100 on Ultimea surround sound system
Wordle today: The answer and hints for October 26
NYT Strands hints, answers for October 25
Nintendo Switch 2 release date, price announced
England vs. Samoa 2024 livestream: Watch live rugby league for free
Shop the MacBook Pro with M3 chip for $500 off
OpenAI's AGI readiness team has been dissolved
The 10 Most Anticipated PC Games of 2016
Benetton vs. Bulls 2024 livestream: Watch United Rugby Championship for free
Amazon requires sellers to use more efficient packaging, or pay up
NYT Strands hints, answers for October 28
Illinois vs. Oregon livestream: Kickoff time, streaming deals, and more
NYT Connections Sports Edition hints and answers for October 24: Tips to solve Connections #31.
Anker raises Amazon prices amid US tariffs
Best water flosser deal: Save $21 on the Waterpik Water Flosser
NYT Strands hints, answers for October 25
Best Vacuum Cleaner deal: Save $89.99 on Ultenic U10 Ultra Cordless
'Black Mirror' Season 7: 'Hotel Reverie,' explained
How to add Snapchat camera to iPhone lock screen
WhatsApp fully embraces HD photos and videosNASA Mars Curiosity rover spots striking clouds in Martian sunsetsWhatsApp fully embraces HD photos and videosWhy AI assistants are having such a momentApple is discontinuing Apple Pay Later, but a replacement is coming4 AI travel concierge services that'll help plan your next vacationMeituan shifts focus from GMV to order volume amid declining sales · TechNodeWWF wants citizen scientists to count walruses from spaceAmazon deals of the day: 55NASA rover discovers a hefty meteorite on MarsNASA detects ancient asteroids loaded with waterWhatsApp fully embraces HD photos and videosHubble telescope catches rare crash of three brilliant galaxiesNASA's DART planetary defense test hit an asteroid. Watch what happened next.The space station sprung a leak. NASA and Russia just revealed why.4 AI travel concierge services that'll help plan your next vacationBYD to introduce premium SUV, sedan, and more to Japan: report · TechNodeTSMC and Samsung consider major chip manufacturing plants in UAE · TechNodeThe space station sprung a leak. NASA and Russia just revealed why.Portugal vs. Czech Republic 2024 livestream: Watch Euro 2024 for free What to do if you want to leave Twitter Best deals of the day Oct. 24: all These Peeps dressed as politicians are diorama art at its finest Enjoy this delightfully chaotic goat chase from two perspectives Apple confirms USB Artists on Twitter are drawing their favorite shipping dynamics for this new meme Apple's Dynamic Island got new gestures in iOS 16.1 Redacted Mueller report has unleashed a flurry of great redaction memes Arnold Schwarzenegger's Instagram is actually kind of good? Elon Musk's first day as Twitter head was all about helping right Raptors head coach becomes next best NBA meme with a priceless reaction shot How to download all your tweets from Twitter This Twitter bot forecasts the weather with emoji The Mueller report is here and so are the 'Harm to Ongoing Matter' memes WhatsApp is down globally Wordle today: Here's the answer, hints for October 29 Rod Rosenstein stares blankly into the distance at Mueller report press conference Amazon Prime Thursday Night Football: How to stream Baltimore Ravens vs. Tampa Bay Buccaneers Just a normal adult here, definitely not 2 kids in a trench coat How to watch 'Weird: The Al Yankovic Story'
1.9196s , 10136.2421875 kb
Copyright © 2025 Powered by 【Frivolous Lola】,Inspiration Information Network