Trello data breach overview:
- Who: Public account information of 15 million Trello users has been put up for sale on the hacking forum Breached.
- Why: The exposed data was stolen from during a January data breach and includes public account information, email addresses and full names.
- Where: The data breach affects Trello users nationwide.
The public account information of 15 million Trello users appeared on a hacking forum after the January data breach.
TechRadar reports that the data breach exposed public account information, email addresses, and full names.
The threat actor who claimed responsibility for the January data breach is reportedly now selling the stolen data on the Breached hacking forum for eight site credits — the equivalent of $2.32 in U.S. dollars.
The hacker, who posted under the alias ‘emo,’ wrote in January that they were able to collect more than 15 million email addresses connected to Trello accounts. TechRadar reports that this includes user account info and full names.
According to TechRadar, Trello initially denied it had suffered a data breach. The work-management tool company initially allegedly claimed the hacker built the allegedly stolen dataset from publicly available information.
Trello acknowledges the incident after initially denying it suffered a data breach
Trello has reportedly since acknowledged that it suffered a data breach. The company attributes it to an unsecured API being exploited.
Techradar reports that the acknowledgment appeared to confirm a post by the hacker that said they were able to conduct the attack by exploiting an API vulnerability within Trello’s systems.
“Trello had an open API endpoint that allows any unauthenticated user to map an email address to a Trello account,” the threat actor said, as reported by TechRadar.
Trello reportedly said that, on account of the incident, it has changed its systems so a user or service that is unauthenticated can no longer request another user’s public information through email.
However, Trello said, as reported by TechRadar, authenticated users will still be able to request information that is publicly available via another user’s profile.
The data breach is the latest in a recent string of incidents, with multiple leading to class action lawsuits being filed against companies now accused of failing to have adequate safeguards in place to prevent the data breaches.
Were you affected by the Trello data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
5 thoughts onTrello data breach affects 15M users’ email addresses
Please add me
Add me
Interested in updates on this, Trello customer currently.
please add me
I used and have Trello this is a horrible feeling….