The hacker behind the Trello data breach claims the data was stolen in January 2024 and can be used for doxing and further exposing the personal information of victims.
Trello, a widely used project management tool developed by Atlassian, has experienced a major data breach, exposing sensitive user information. The data leak came to light recently when a hacker using the alias “Emo” leaked 21.1 GB of the company’s data on the notorious hacker and cybercrime platform, Breach Forums.
The Hackread.com research team confirms that, according to the hacker, the data breach occurred in January 2024. However, the data was dumped online today, Tuesday, July 16, 2024. It includes a trove of information on millions of users, including the following:
- User IDs
- Usernames
- Full names
- Profile URLs
- Status information
- Various settings and limits
- Associated board memberships
- Email addresses (15 million – 15,182,073)
and more…
The Breach Explained
The hacker responsible for the breach also explained how they exploited Trello’s system. According to the hacker, Trello allegedly had an insecure API endpoint that was accessible without login, allowing unauthorized access. This endpoint allowed the hacker to link email addresses to Trello accounts, revealing user identities.
Initially, the hacker used email addresses from existing breached databases and then expanded the attack. The hacker continued exploiting the endpoint with more emails, resulting in a widespread breach. The leaked data can be used for doxing, exposing personal information like full names and aliases linked to email addresses.
“Trello had an open API endpoint that allows any unauthenticated user to map an email address to a Trello account. I originally was only going to feed the endpoint emails from ‘com’ (OGU, RF, Breached, etc.) databases but I just decided to keep going with emails until I was bored. This database is very useful for doxing, find enclosed email address matched to full names and aliases matched to personal email addresses,” the hacker said.
Eric Schwake, Director of Cybersecurity Strategy at Salt Security, a Palo Alto, Calif.-based provider of API security, commented on the breach and emphasised the importance of API security.
“The breach underscores the necessity of implementing comprehensive API security measures, including robust authentication, authorization controls, and proactive monitoring for any suspicious activity,” said Eric.
“Moreover, it emphasizes the need for a robust API posture governance framework, which ensures that APIs are consistently configured and deployed following the best security practices throughout their lifecycle,” he advised. “Through the proactive management of API posture, organizations can significantly decrease the likelihood of similar breaches and safeguard sensitive user data.”
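The pattern described above, one unauthenticated client feeding many different email addresses to a lookup endpoint, is the kind of activity that API monitoring can flag. The following detection sketch is an added example, not code from Trello, Atlassian or the original article; the endpoint path, log format, threshold and log lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

LOOKUP_PATH = "/api/members/lookup"   # hypothetical path, not Trello's real endpoint
WINDOW = timedelta(minutes=5)         # assumed sliding window
MAX_DISTINCT_EMAILS = 20              # assumed threshold; tune to real traffic


def parse_line(line):
    """Parse 'timestamp ip user method url status' into (ts, ip, authed, path, email)."""
    ts, ip, user, _method, url, _status = line.split()
    parts = urlsplit(url)
    email = parse_qs(parts.query).get("email", [None])[0]
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, ip, user != "-", parts.path, email.lower() if email else None


def find_enumerators(lines):
    """Return {ip: peak distinct emails per window} for clients over the threshold."""
    recent = defaultdict(deque)       # ip -> (timestamp, email) pairs inside the window
    flagged = {}
    for line in lines:
        ts, ip, authed, path, email = parse_line(line)
        if authed or path != LOOKUP_PATH or not email:
            continue                  # only unauthenticated email lookups matter here
        q = recent[ip]
        q.append((ts, email))
        while ts - q[0][0] > WINDOW:  # drop lookups older than the window
            q.popleft()
        distinct = len({e for _, e in q})
        if distinct > MAX_DISTINCT_EMAILS:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


def sample_log():
    """Constructed log lines: one bulk enumerator, one repeat lookup, one normal call."""
    lines = []
    for i in range(60):               # 60 different addresses within one minute
        lines.append(f"2024-01-16T10:00:{i:02d}Z 203.0.113.7 - GET "
                     f"{LOOKUP_PATH}?email=user{i}%40example.com 200")
    for i in range(30):               # the same address looked up repeatedly
        lines.append(f"2024-01-16T10:01:{i:02d}Z 198.51.100.4 - GET "
                     f"{LOOKUP_PATH}?email=alice%40example.com 200")
    lines.append("2024-01-16T10:02:00Z 192.0.2.9 bob GET /api/boards/42 200")
    return lines
```

Counting distinct addresses rather than raw requests keeps a client that retries one address from being flagged, while a client walking through a list of addresses stands out.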
Another day, another data breach!
The Trello data breach is just another in a series affecting companies based in the United States. On July 13, 2024, a hacktivist group claimed to have breached Disney and leaked 1.1 TiB of internal Slack data.
On July 12, 2024, AT&T announced that hackers had stolen call records and text message logs of “nearly all” customers, impacting over 110 million Americans.
Meanwhile, the Ticketmaster data breach continues to cause headaches for Live Nation as hackers leaked 10 million ticketing barcodes related to top celebrities’ concerts. The hackers are demanding an $8 million ransom to stop future leaks.
Takeaway
If you are a Trello user, you should inquire about this data breach and change your email account’s password as a security precaution. Additionally, take proactive steps to protect your personal information and online security by looking out for phishing emails. Cybercriminals may pretend to contact you on behalf of Trello to steal passwords or install malware on your system.