
"Trello Data Breach Exposes 15 Million User Email Addresses"
An exposed Trello API allowed the linking of private email addresses with Trello accounts, resulting in the creation of millions of data profiles containing public and private information. While Trello claims the data was scraped from public sources, a threat actor used a publicly accessible API to associate email addresses with Trello profiles. Trello has since made changes to the API to prevent unauthenticated users from accessing public information by email. The leak raises concerns about targeted phishing campaigns and has been added to the Have I Been Pwned service for users to check if their email addresses were affected. This incident is reminiscent of a similar Twitter API bug in 2021 that led to the leak of over 200 million Twitter profiles' private information.
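
The access-control change described above, sketched as an added example (not Trello's code or API): a profile lookup that answers unauthenticated email queries, beside one that refuses them before consulting the directory. The profile store, function names and status codes are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical service, not Trello's API: identifiers containing "@" are treated as emails.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

@dataclass(frozen=True)
class Profile:
    username: str
    full_name: str  # public profile field
    email: str      # private, never returned

# Constructed sample directory.
PROFILES = [
    Profile("alice", "Alice Example", "alice@example.com"),
    Profile("bob", "Bob Example", "bob@example.org"),
]
BY_USERNAME = {p.username: p for p in PROFILES}
BY_EMAIL = {p.email.lower(): p for p in PROFILES}

def public_view(p):
    return {"username": p.username, "full_name": p.full_name}

def lookup_before(identifier, authenticated):
    """Behaviour before the change: any caller may resolve an email to a profile."""
    key = identifier.strip().lower()
    p = BY_EMAIL.get(key) if EMAIL_RE.match(key) else BY_USERNAME.get(key)
    return (200, public_view(p)) if p else (404, None)

def lookup_after(identifier, authenticated):
    """Behaviour after the change: email lookups require an authenticated caller."""
    key = identifier.strip().lower()
    if EMAIL_RE.match(key):
        if not authenticated:
            return (401, None)  # same answer whether or not the email is registered
        p = BY_EMAIL.get(key)
    else:
        p = BY_USERNAME.get(key)
    return (200, public_view(p)) if p else (404, None)

def exposed_links(lookup, emails):
    """Regression check: emails an unauthenticated caller can tie to a username."""
    out = {}
    for e in emails:
        status, body = lookup(e, authenticated=False)
        if status == 200:
            out[e] = body["username"]
    return out
```

Even though every returned field is public, the first handler confirms which private email belongs to which profile; the second rejects the query before the lookup, so its response carries no signal about whether the address is registered.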