Trello API Abused to Link Email Addresses to 15 Million Accounts

By Lawrence Abrams, January 23, 2024, 04:31 PM

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.

Trello is an online project management tool owned by Atlassian that is commonly used by businesses to organize data and tasks into boards, cards, and lists.

News of the Trello data leak came last week when a person using the alias ‘emo’ attempted to sell the data of 15,115,516 Trello members on a popular hacking forum.

“Contains emails, usernames, full names and other account info. 15,115,516 unique lines,” reads the post on the hacking forum.

“Selling one copy to whoever wants it, message on me on-site or on telegram if you’re interested.”

Trello post on the hacking forum

Source: BleepingComputer

While almost all of the data in these profiles is public, the email addresses associated with the profiles are not.

When BleepingComputer contacted Trello about the data leak last week, we were told that it was not collected by unauthorized access to Trello’s systems but by scraping public data.

“All evidence points to a threat actor testing a pre-existing list of email addresses against publicly available Trello user profiles,” Atlassian, the owner of Trello, told BleepingComputer last week.

“We are conducting an exhaustive investigation and have not found any evidence of unauthorized access of Trello or user profiles.”

However, it appears that there was more to the story about how the threat actor was able to confirm the email addresses.

Abusing an exposed API

In a conversation with emo, BleepingComputer learned that a publicly exposed API was used to associate email addresses with public Trello
