Unscrupulous Cybercriminal Peddles Illegally Obtained Trello Data for Personal Gain
In a recent development, the popular project management platform Trello has been affected by a data leak. The incident, which occurred in January 2023, has raised concerns about the security of user data.
According to Atlassian, the owner of Trello, the data leak was due to an unsecured REST API. This vulnerability allowed users to invite members or guests to public boards by email address, a feature enabled by the Trello REST API. As a result, approximately 15 million email addresses associated with Trello accounts have been stolen, along with full names and public Trello account information.
Sensitive information such as passwords could also be targeted in potential phishing attacks using this stolen data. The stolen data is currently being sold on the Breached hacking forum.
Ray Kelly from Synopsys Software Integrity Group has emphasised the importance of comprehensive threat surface mapping for applications, particularly in today's era of distributed architectures like cloud computing and microservices.
In response to this incident, Atlassian has made a change to the Trello REST API to prevent unauthenticated users/services from requesting another user's public information by email. The updated API is designed to prevent similar data leaks in the future.
Atlassian will continue to monitor the use of the Trello REST API and take any necessary actions. The company encourages users to be vigilant and to be wary of potential phishing attacks.
It is crucial for users to protect their accounts by using strong, unique passwords and enabling two-factor authentication where possible. Users should also be cautious when clicking on links or opening attachments from unknown sources.
The data leak serves as a reminder of the importance of secure application development and the need for ongoing monitoring of the threat landscape. As we continue to rely on digital platforms for our work and personal lives, it is essential that the companies behind these platforms prioritise user security and take proactive measures to protect user data.
Read also:
- Amazon customer duped over Nvidia RTX 5070 Ti purchase: shipped item replaced with suspicious white powder; PC hardware fan deceived, discovers salt instead of GPU core days after receiving defective RTX 5090.
- Insurance company Aflac reveals cyber attack, part of a broader criminal campaign aiming at the insurance sector industry
- 17 Tech Gadgets and Add-Ons Permanently Taking Up Space in My Mental Realm
- 2022 Feature on our site: Leading U.S. Computer and Electronic Equipment Manufacturers (Presented in a Slideshow)
