Personal data of 15 million Trello users leaked on hacking forum
Initial disclosures showed the trove of data was collected using an unsecured API earlier this year.
Trello is an online project management tool owned by Atlassian. Businesses often use tools to organize data and tasks into tables, cards, and lists. The advantage of Trello is that it makes it easy to show workflow, project ownership, and completion status.
Previously in January, BleepingComputer reported that a threat actor with the nickname 'emo' was selling the profiles of 15,115,516 Trello members on a popular hacking forum. While most of the data in these profiles is public information, each profile also contains a private email address associated with the account.
Although Atlassian, the owner of Trello, did not confirm at the time how the data was stolen, the hacker himself revealed that the data was collected using an unsecured REST API, allowing developers query public profile information based on Trello ID, username, or email address.
emo created a list of 500 million email addresses and fed them into an API to determine if they were linked to a Trello account. This list is then combined with returned account information to create member profiles for more than 15 million users. emo has now shared the entire list of 15,115,516 profiles on the Breached hacking forum for 8 site credits (worth $2.32).
" Trello has an open API endpoint that allows any unauthenticated user to map an email address to a trello account ," emo explains in the forum post. " Initially I was only going to serve endpoint emails from the 'com' database (OGU, RF, Breached, etc) but I decided to keep using email until I got bored ."
The leaked data included email addresses and public Trello account information, including users' full names.
This information can be used in targeted phishing attacks to steal more sensitive data, such as passwords. emo also said the data could be used to carry out doxxing, allowing threat actors to link email addresses to people and their aliases. Atlassian has now also confirmed information about the incident.
Unsecured APIs have become a popular target for hackers, who know how to abuse them to combine non-public information, such as email addresses and phone numbers, with public records.
In 2021, a group of hackers abused the API to link phone numbers to Facebook accounts, creating profiles for 533 million users.
In 2022, Twitter also suffered a similar breach when threat actors abused an unsecured API to link phone numbers and email addresses to millions of users of the social media platform. pose significant privacy risks.
Many organizations try to secure APIs using rate limiting instead of through authentication via an API key.
However, an attacker can simply buy hundreds of proxy servers and spin up connections to continuously query the API, making rate limiting useless.
You should read it
- Instructions for using Trello to manage projects and life
- What do you know about the first 'cyber attack' in the world?
- Facebook is a new trend in cyber attacks
- How to Use Trello
- The 13-year-old 'Hacker' enters the school's computer system to create a 'list of the most hated kids'
- Beware these coronavirus hacking threats, UK and US agencies warn
- Hackers sell personal data of millions of people in Moscow for only $800
- What is Pentest? Learn about Penetration Testing (penetration testing)
- So frustrated with the learning situation, students hack the school's computer system
- Another major health facility was attacked, affecting nearly half of the Canadian population
- Bad guys can steal data by freezing RAM sticks with liquid nitrogen
- Cyber-Attack attacked the US military network
Maybe you are interested
Fix the error of not being able to download attachments when sending Email
How to check if email is still working?
4 tools to detect phishing emails
Email threatening to reveal private data from Microsoft may be a scam
3 Ways to Turn Off Voicemail on iPhone
5 Reasons People Prefer Password Login Over Email