
Unauthorized Individual Peddles Stolen Trello Data in Cyberspace

Stolen Trello account information, comprising over fifteen million email addresses and associated user details, has been listed for sale on the Breached hacking forum. The data breach occurred in January through an insecure REST API, and the leaked data encompasses email addresses as well as...


In a concerning turn of events, a hacker known as "emo" managed to steal the email addresses, public Trello account information, and full names of over fifteen million Trello users in January 2024. The stolen data, now available for sale on the Breached hacking forum, could lead to unauthorized access to Trello accounts and reveal sensitive information such as passwords.

The breach was a result of exploiting an unsecured Trello REST API via brute-force attacks. Prior to the incident, the Trello REST API enabled users to invite members or guests to their public boards by email address. However, following the investigation into the misuse of the API, Atlassian made a change so that unauthenticated users/services cannot request another user's public information by email.

Authenticated users can still request information that is publicly available on another user's profile using the updated Trello REST API. The 'invite to a public board by email' feature, which was operational before the changes, remains functional.
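
The abuse described above was bulk lookup of profiles by email address, and lookups remain available to authenticated callers, so the same pattern is worth watching for in API logs. The following Python is an added example, not code from the article, Atlassian or Trello: it flags callers that look up many distinct addresses within a short window. The log format, the `/members/lookup` path, the caller labels and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60       # sliding window in seconds (assumed policy value)
MAX_DISTINCT = 20   # distinct addresses one caller may look up per window (assumed)
LOOKUP_PATH = "/members/lookup"  # hypothetical endpoint name, not Trello's real route

def parse(line):
    """Parse 'epoch caller path email status' (hypothetical log format)."""
    ts, caller, path, email, status = line.split()
    return int(ts), caller, path, email.lower(), int(status)

def find_enumerators(lines):
    """Return {caller: peak distinct addresses in one window} for callers over the limit."""
    recent = defaultdict(deque)   # caller -> (timestamp, email) pairs inside the window
    flagged = {}
    for ts, caller, path, email, _status in sorted(map(parse, lines)):
        if path != LOOKUP_PATH:
            continue
        window = recent[caller]
        window.append((ts, email))
        while window[0][0] <= ts - WINDOW_S:   # drop lookups older than the window
            window.popleft()
        # Count distinct addresses so retries of one address do not trigger the rule.
        distinct = len({e for _, e in window})
        if distinct > MAX_DISTINCT:
            flagged[caller] = max(flagged.get(caller, 0), distinct)
    return flagged

# Constructed sample data: one anonymous client walking an address list,
# and one token holder doing ordinary lookups. Addresses use documentation ranges.
SAMPLE = [
    f"{1000 + i} anon:203.0.113.7 {LOOKUP_PATH} user{i}@example.com "
    f"{200 if i % 3 == 0 else 404}"
    for i in range(45)
] + [
    f"1005 tok:alice {LOOKUP_PATH} bob@example.com 200",
    f"1030 tok:alice {LOOKUP_PATH} carol@example.com 200",
    "1031 tok:alice /boards/42 - 200",
]

if __name__ == "__main__":
    for caller, peak in find_enumerators(SAMPLE).items():
        print(f"possible enumeration: {caller} looked up {peak} addresses in {WINDOW_S}s")
```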

Ray Kelly from Synopsys Software Integrity Group emphasizes the importance of comprehensive threat surface mapping of applications in today's distributed architectures. He highlights the ease with which issues like improper authentication on a single API call can be overlooked, potentially leading to significant data breaches.

Atlassian, the owner of the Trello platform, has assured users that it will continue to monitor the use of the Trello REST API and take any necessary actions to ensure the security of its users' data. The stolen data is a potential security risk for Trello users, and bad actors may use it for phishing attacks. Users are advised to be vigilant and cautious when receiving emails, especially those that ask for sensitive information.

The Trello platform, a popular project management tool, has been a trusted resource for millions of users worldwide. This breach serves as a reminder for all digital platforms to prioritize security measures and stay vigilant against potential threats.
