
Unscrupulous Cybercriminal Peddles Pilfered Trello Data on Dark Web Markets

Unsecured Trello REST API leads to data breach, exposing over 15 million email addresses and associated user information, including full names, on the Breached hacking forum for sale. This sensitive data leak contains stolen emails and public Trello account details, opening possibilities for...


In a concerning turn of events, a data breach on the Trello platform, owned by Atlassian, has exposed over fifteen million email addresses associated with Trello accounts. The stolen data, including users' full names and public Trello account information, is now available for purchase on the Breached hacking forum.

The breach, which occurred in January 2023 through an unsecured REST API, has prompted a change to the Trello REST API that prevents misuse while keeping the 'invite to a public board by email' feature for users. As a result of an investigation in January 2024, unauthenticated users and services can no longer request another user's public information by email.
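The API change described above, sketched as an added example (this is not Trello's or Atlassian's code): a lookup handler before and after email queries are restricted to authenticated callers. The profile data, token store, status codes and per-token cap are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: public profiles and a private email-to-id index.
PROFILES = {
    "u1": {"id": "u1", "username": "alice_w", "full_name": "Alice Wong"},
    "u2": {"id": "u2", "username": "bob_k", "full_name": "Bob Khan"},
}
EMAIL_INDEX = {"alice@example.com": "u1", "bob@example.com": "u2"}
VALID_TOKENS = {"tok-123": "u1"}   # hypothetical API tokens -> owning user
EMAIL_LOOKUP_CAP = 3               # assumed per-token budget for email lookups
_email_lookups = {}                # token -> email lookups made so far

@dataclass
class Request:
    query: str                      # username, member id, or email address
    api_token: Optional[str] = None

def _by_name_or_id(query):
    for profile in PROFILES.values():
        if query in (profile["id"], profile["username"]):
            return profile
    return None

def lookup_before(req):
    """Pre-fix behaviour: any caller can turn an email into a profile."""
    if "@" in req.query:
        profile = PROFILES.get(EMAIL_INDEX.get(req.query.lower()))
    else:
        profile = _by_name_or_id(req.query)
    return (200, profile) if profile else (404, None)

def lookup_after(req):
    """Post-fix behaviour: email lookups need a valid token and are capped."""
    if "@" not in req.query:
        profile = _by_name_or_id(req.query)      # already-public data
        return (200, profile) if profile else (404, None)
    if req.api_token not in VALID_TOKENS:
        return (404, None)   # same answer whether or not the email exists
    used = _email_lookups.get(req.api_token, 0)
    if used >= EMAIL_LOOKUP_CAP:
        return (429, None)   # bulk enumeration by one token is cut off
    _email_lookups[req.api_token] = used + 1
    profile = PROFILES.get(EMAIL_INDEX.get(req.query.lower()))
    return (200, profile) if profile else (404, None)
```

The anonymous path returns an identical response for known and unknown addresses, so the endpoint no longer confirms which emails belong to an account.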

The data breach serves as a reminder for users to be vigilant about their online security and privacy. The stolen data can be used by bad actors in phishing attacks to obtain sensitive information such as passwords. The incident also underlines the importance of securing REST APIs to prevent such incidents.

Ray Kelly from Synopsys Software Integrity Group emphasized the need for comprehensive threat surface mapping of applications. He stressed the importance of regularly reviewing and updating security measures to protect against potential vulnerabilities.

The person involved in the January 2024 security vulnerability was an IT specialist who discovered and reported the vulnerability in Modern Solution GmbH & Co. KG's e-commerce software. The specialist initially reported the issue to Modern Solution but later disclosed it publicly through a blog when the company delayed addressing it. The IT specialist was subsequently prosecuted by the Cologne public prosecutor's office, faced a house search, and was fined 3,000 euros for allegedly violating laws related to data spying and misuse.

Atlassian, the company behind Trello, will continue to monitor the use of the Trello REST API and take necessary actions to ensure the security and privacy of its users. The company encourages all users to review their account settings and take steps to secure their personal information.

In light of this data breach, it is crucial for users to remain vigilant about their online security and privacy, and for companies to prioritize the security of their APIs to prevent such incidents.
