"Trello Data Breach Exposes 15 Million User Email Addresses"
An exposed Trello API allowed the linking of private email addresses with Trello accounts, resulting in the creation of millions of data profiles containing public and private information. While Trello claims the data was scraped from public sources, a threat actor used a publicly accessible API to associate email addresses with Trello profiles. Trello has since made changes to the API to prevent unauthenticated users from accessing public information by email. The leak raises concerns about targeted phishing campaigns and has been added to the Have I Been Pwned service for users to check if their email addresses were affected. This incident is reminiscent of a similar Twitter API bug in 2021 that led to the leak of over 200 million Twitter profiles' private information.
- Trello API abused to link email addresses to 15 million accounts BleepingComputer
- Trello data breach of 15M accounts; Loan Depot 16M customers 9to5Mac
- Alleged Trello Data Breach Affects 15 Million Accounts Dataconomy
- Trello data breach exposes over 15 million user email addresses AppleInsider
- Data of 15 million Trello users scraped and offered for sale Help Net Security
Reading Insights
0
0
3 min
vs 4 min read
83%
754 → 125 words
Want the full story? Read the original article
Read on BleepingComputer