Account data on 15 million Trello users stolen from open API and leaked on the web
Yesterday, a hacker with the alias “Emo” leaked 21.1 GB of information on over 15 million users of the Atlassian-developed project management tool Trello.
According to the hacker, the data breach occurred in January 2024, and the leaked data includes the following:
- 15,182,073 email addresses
- User IDs
- Usernames
- Full names
- Profile URLs
- Status information
- Various settings and limits
- Associated board memberships
Initially, the hacker used email addresses from already-breached databases and then expanded the attack. The hacker explained that Trello had an insecure API endpoint that was accessible without logging in, which made it possible to link email addresses to Trello accounts and reveal user identities, resulting in the widespread breach.
“I originally was only going to feed the endpoint emails from ‘com’ (OGU, RF, Breached, etc.) databases, but I just decided to keep going with emails until I was bored. This database is very useful for doxing, find enclosed email address matched to full names and aliases matched to personal email addresses,” the hacker said.
Evan Dornbush, a former NSA cybersecurity expert, offers comments:
“Data disclosure like this is unfortunate. The attacker was using an unauthenticated-yet-legitimate API call to obtain sensitive information. Considering we’re talking about text data, 21.2GB is a lot to leak.
“For a long time, anomaly detection failed to live up to the hype. Modern computational processing leveraging machine learning techniques in theory makes alerting on these kinds of abnormal operating behaviors a reality. If they can emerge onto the cybersecurity scene more aggressively, perhaps companies could more quickly detect this kind of behavior in the future.”
This is pretty bad. And Trello really has to not only explain how this specific hack happened, but what they are going to do to safeguard customer data going forward. Because a leak of this scale is completely unacceptable.
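The pattern described above, a single unauthenticated client submitting many different email addresses to a lookup endpoint, is something a sliding-window check over access logs can surface. The following Python detector is an added example, not code from Trello or from the original post; the endpoint path, log layout, threshold and sample log lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

LOOKUP_PATH = "/members/lookup"   # hypothetical endpoint path, not Trello's
WINDOW = timedelta(seconds=60)    # sliding window per source address
MAX_DISTINCT = 10                 # assumed threshold; tune to real baselines
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

def parse(line):
    """Return (time, source, auth, email) for a lookup request, else None."""
    fields = line.split()
    if len(fields) != 5:
        return None               # malformed line: skip rather than crash
    ts, src, auth, _method, target = fields
    url = urlsplit(target)
    emails = parse_qs(url.query).get("email", [])
    if url.path != LOOKUP_PATH or not emails:
        return None
    return datetime.strptime(ts, TS_FORMAT), src, auth, emails[0].lower()

def find_enumerators(lines):
    """Map each flagged source to its peak count of distinct emails per window."""
    recent = defaultdict(deque)   # source -> (time, email) events in window
    flagged = {}
    for line in lines:
        event = parse(line)
        if event is None or event[2] != "anon":
            continue              # only unauthenticated lookups are scored here
        when, src, _auth, email = event
        queue = recent[src]
        queue.append((when, email))
        while when - queue[0][0] > WINDOW:
            queue.popleft()       # drop events older than the window
        distinct = len({e for _, e in queue})
        if distinct > MAX_DISTINCT:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def sample_log():
    """Constructed log lines: one enumerator, one retrying client, one user."""
    start = datetime(2024, 1, 10, 10, 0, 0)
    def row(sec, src, auth, email):
        ts = (start + timedelta(seconds=sec)).strftime(TS_FORMAT)
        return f"{ts} {src} {auth} GET {LOOKUP_PATH}?email={email}"
    rows = [row(i, "203.0.113.7", "anon", f"user{i}%40example.com") for i in range(40)]
    rows += [row(2 * i, "198.51.100.9", "anon", "same%40example.com") for i in range(20)]
    rows += [row(i, "192.0.2.4", "user", f"mate{i}%40example.com") for i in range(15)]
    return sorted(rows)           # ISO timestamps sort chronologically

if __name__ == "__main__":
    print(find_enumerators(sample_log()))
```

Counting distinct email values rather than raw requests keeps a client that retries the same address from being flagged, while a source walking through a list stands out immediately.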
This entry was posted on July 18, 2024 at 8:38 am and is filed under Commentary with tags Hacked.