
Millions of users compromised in Trello breach

July 17th — A significant data breach has compromised personal information belonging to 15 million users of Trello, a popular project management platform. Emails, usernames, full names and other account information may be accessible on the dark web.

Key details

The cyber criminal reportedly obtained the Trello data through an API endpoint that could be queried without logging in. The endpoint exists so that third-party software can integrate with Trello: it lets a developer retrieve the public profile attached to a Trello account, and it accepted an email address as the lookup key.

The hacker abused this by compiling a list of roughly 500 million email addresses, many taken from earlier breach dumps, and feeding each one to the endpoint to learn which belonged to Trello accounts. Every hit returned the account's public profile, tying the email address to a username and full name. No authentication was required, and the fact that half a billion lookups went through suggests there was no effective per-caller rate limit either.

“I originally was only going to feed the endpoint emails from ‘com’ (OGU, RF, Breached, etc.) databases but I just decided to keep going with emails until I was bored. This database is very useful for doxing, find enclosed email address matched to full names and aliases matched to personal email addresses,” wrote the hacker.

API security flaws

Atlassian, owner of Trello, has since changed the API so that unauthenticated callers can no longer request other users' public information by email address. The company also says it will monitor usage of the API and take further action as needed. Note that this closes the anonymous path only; an authenticated client can still perform lookups, so per-caller rate limiting and monitoring of the authenticated endpoint matter just as much.
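The lookup-by-email pattern described under Key details, the enumeration loop it enables, and the kind of controls Atlassian's fix implies, reduced to runnable Python. This is an added example and not Trello's or Atlassian's code; the member directory, the API tokens, the function names and the rate-limit values are all constructed for illustration.

```python
"""Model of an unauthenticated member-lookup endpoint, the email
enumeration it enables, and a hardened replacement.

Added example; not Trello's or Atlassian's code. The member records, the
API tokens and the rate-limit numbers are constructed for illustration.
"""
import time
from collections import defaultdict

# Constructed directory: email -> public profile fields.
MEMBERS = {
    "alice@example.com": {"username": "alice_w", "fullName": "Alice Wong"},
    "bob@example.com": {"username": "bobbyb", "fullName": "Bob Brown"},
}


def lookup_member_vulnerable(email: str) -> dict:
    """The weak pattern: no authentication, no per-caller limit, and the
    status code alone tells the caller whether the email has an account."""
    profile = MEMBERS.get(email.strip().lower())
    if profile is None:
        return {"status": 404, "body": {"message": "not found"}}
    return {"status": 200, "body": dict(profile)}


def enumerate_emails(candidates, lookup) -> dict:
    """Attacker loop: replay a breach-dump-style list and keep the hits,
    producing exactly the email -> full name mapping the hacker described."""
    hits = {}
    for email in candidates:
        resp = lookup(email)
        if resp["status"] == 200:
            hits[email] = resp["body"]
    return hits


# --- hardened replacement --------------------------------------------------

API_TOKENS = {"tok_alice_123": "alice@example.com"}  # constructed tokens
RATE_LIMIT = 10               # lookups per caller per window
WINDOW_SECONDS = 60.0
_history = defaultdict(list)  # caller -> timestamps of recent lookups
AUDIT_LOG = []                # every lookup, so bulk probing is visible


def reset_rate_limits() -> None:
    """Clear state (used between runs and in tests)."""
    _history.clear()
    AUDIT_LOG.clear()


def lookup_member_hardened(email: str, token: str, now=None) -> dict:
    """Same feature with three controls: the caller must authenticate, is
    rate-limited per identity in a sliding window, and every lookup is
    logged so enumeration can be detected after the fact."""
    now = time.monotonic() if now is None else now
    caller = API_TOKENS.get(token)
    if caller is None:
        return {"status": 401, "body": {"message": "unauthorized"}}
    recent = [t for t in _history[caller] if now - t < WINDOW_SECONDS]
    if len(recent) >= RATE_LIMIT:
        _history[caller] = recent
        AUDIT_LOG.append((now, caller, email, 429))
        return {"status": 429, "body": {"message": "rate limit exceeded"}}
    recent.append(now)
    _history[caller] = recent
    profile = MEMBERS.get(email.strip().lower())
    status = 200 if profile else 404
    AUDIT_LOG.append((now, caller, email, status))
    body = dict(profile) if profile else {"message": "not found"}
    return {"status": status, "body": body}


if __name__ == "__main__":
    dump = ["alice@example.com", "nobody@example.com", "BOB@example.com"]
    print("vulnerable endpoint leaks:", enumerate_emails(dump, lookup_member_vulnerable))
    reset_rate_limits()
    codes = [lookup_member_hardened(e, "tok_alice_123", now=1000.0 + i)["status"]
             for i, e in enumerate(f"u{i}@example.com" for i in range(RATE_LIMIT + 1))]
    print("hardened endpoint status codes:", codes)
```

The vulnerable function still answers an anonymous caller for every address in the dump; the hardened one stops an enumerator at the rate limit and leaves an audit trail keyed to the caller's identity rather than just a source IP.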

User information

Trello users should treat any unexpected email that appears to come from Atlassian or Trello with suspicion. Because the leaked data pairs a working email address with a real name and Trello username, phishing lures built on it can look convincing. Do not click links in such messages; instead open Trello directly in the browser to check for any account notices.

For CISOs

Recent reports point to a 400% increase in API attacks over a six-month window, and seventeen percent of organizations say they suffered an API-related data breach in the past year because of weak API security.

CISOs may wish to strengthen API security: inventory every externally reachable endpoint, require authentication on any endpoint that returns user data, apply per-caller rate limits, and log and monitor API usage so that bulk enumeration of the kind seen here is detected while it is happening rather than when the data turns up for sale. A Zero Trust posture applies the same principle to APIs: every request is authenticated and authorized on its own merits, regardless of where it originates.
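One form the enhanced API monitoring and logging can take: a detector run over API access logs that flags any source querying many distinct email addresses in a short window, most of which do not resolve to an account. This is an added example, not an Atlassian or Trello tool; the log line format, the endpoint path /1/members and the addresses in the sample are constructed assumptions, and the regex would need to match your own gateway's format.

```python
"""Enumeration detector run over constructed API access-log lines.

Added example, not an Atlassian/Trello tool. The log format, the endpoint
path (/1/members?email=...) and the source addresses are assumptions made
for illustration; adapt LOG_RE to the gateway you actually run.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Constructed sample: one address hammers the lookup, one is a normal client.
SAMPLE_LOG = """\
2024-07-17T10:00:00Z 203.0.113.5 GET /1/members?email=a1%40example.com 404
2024-07-17T10:00:00Z 203.0.113.5 GET /1/members?email=a2%40example.com 404
2024-07-17T10:00:01Z 203.0.113.5 GET /1/members?email=a3%40example.com 200
2024-07-17T10:00:01Z 203.0.113.5 GET /1/members?email=a4%40example.com 404
2024-07-17T10:00:02Z 203.0.113.5 GET /1/members?email=a5%40example.com 404
2024-07-17T10:00:02Z 203.0.113.5 GET /1/members?email=a6%40example.com 404
2024-07-17T10:00:05Z 198.51.100.7 GET /1/members?email=me%40example.com 200
2024-07-17T10:00:06Z 198.51.100.7 GET /1/boards/abc123 200
2024-07-17T10:00:07Z 198.51.100.7 GET /1/members?email=me%40example.com 200
"""


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    parts = urlsplit(m["path"])
    emails = parse_qs(parts.query).get("email")
    return {
        "ts": ts,
        "src": m["src"],
        "path": parts.path,
        "email": emails[0].lower() if emails else None,
        "status": int(m["status"]),
    }


def detect_enumeration(log_text: str, window=timedelta(seconds=60),
                       min_distinct=5, min_miss_ratio=0.5) -> dict:
    """Flag sources that query at least min_distinct different emails inside
    one sliding window where at least min_miss_ratio of them return 404.
    Returns {src: summary of the first window that tripped the threshold}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["path"] == "/1/members" and ev["email"]:
            events[ev["src"]].append(ev)
    flagged = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            distinct = {e["email"] for e in win}
            misses = sum(1 for e in win if e["status"] == 404)
            ratio = misses / len(win)
            if len(distinct) >= min_distinct and ratio >= min_miss_ratio:
                flagged[src] = {"distinct_emails": len(distinct),
                                "requests": len(win),
                                "miss_ratio": round(ratio, 2)}
                break
    return flagged


if __name__ == "__main__":
    for src, summary in detect_enumeration(SAMPLE_LOG).items():
        print(f"possible enumeration from {src}: {summary}")
```

The high miss ratio is the tell: a legitimate integration looks up addresses it already expects to exist, while an attacker replaying a breach dump gets mostly 404s. In production, key the counters on the API token or account as well as the source address, since a determined enumerator will spread requests across many IPs.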

To receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.