Email addresses of 15 million Trello users leaked on hacking forum, sold for just 360 yen


by Focal Foto

It has been reported that the email addresses of approximately 15 million users of Trello, a task management tool operated by Atlassian, have been leaked onto the dark web. It was rumored that the email addresses were stolen by hackers in January 2024, but Atlassian initially denied the data leak.

Email addresses of 15 million Trello users leaked on hacking forum
https://www.bleepingcomputer.com/news/security/email-addresses-of-15-million-trello-users-leaked-on-hacking-forum/

Trello Data Breach: Hacker Dumps Personal Info of Millions of Users
https://hackread.com/trello-data-breach-hacker-dumps-users-personal-info/

Trello is a task management tool used to organize data and tasks into boards, cards, lists, etc. In January 2024, it was discovered that data of 15,115,516 Trello users was being sold on a hacking forum.

How to check if user profiles of about 15.11 million Trello users have been leaked or if their email addresses are included - GIGAZINE



While many of the exposed user profiles contained public information, each profile also contained private email addresses associated with the accounts.

Atlassian did not disclose the details of the incident at the time, but told media that the threat actor responsible, “emo,” used an insecure REST API to exfiltrate the information.

A REST API is an API built on the 'REST' design principle, which lets software components interoperate across distributed systems. Trello's REST API is publicly available, and public information can be retrieved from it without logging in to Trello or supplying an API authentication key.

So emo started by creating a random list of 500 million email addresses, feeding them into the API to see which were associated with Trello accounts, and then matching the hits with the returned Trello IDs, usernames, and email addresses to build the roughly 15 million user profiles mentioned above.

On July 16, 2024, it was discovered that this Trello user data was being shared on the hacking forum 'Breached (Breach Forums)' for 8 credits, which is just $2.32 (about 367 yen) in cash. The total amount of data is said to be 21.1 GB.



emo posted on the forum, 'Trello has an open API endpoint that allows unauthenticated users to link email addresses to Trello accounts. Initially, I was only going to use email addresses from the 'com (OGU, RF, Breached, etc.)' database, but I've decided to keep going until I get bored,' and said he plans to continue the breach using more email addresses rather than just existing compromised ones.

The exposed data included public Trello account information, including email addresses and user names, which could be used in targeted phishing attacks or in doxing (also spelled 'doxxing'), meaning that Trello users who keep their online activity anonymous are at risk of having their names and other information exposed.



Atlassian confirmed that the leaked information was stolen in January 2024 and released the following statement through the media:

'Trello's REST API allows Trello users to invite members and guests to their public boards by email address. However, after an investigation in January 2024 uncovered misuse of the API, we have made changes to prevent unauthorized users or services from requesting other users' public information by email address. This change prevents misuse of the API while allowing users to continue using the ability to invite others to public boards by email. We will continue to monitor usage of the API and take any necessary actions.'
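The flaw described above (an unauthenticated lookup that maps an email address to an account profile) and the shape of Atlassian's fix (keep the invite-by-email feature, stop it from revealing other users' information) can be illustrated with a small model. The following is an added example written for this article, not Trello's or Atlassian's code: it shows a weak lookup handler beside a hardened invite handler, and a log heuristic a defender could run to spot enumeration-style traffic against such an endpoint. The account store, session tokens, `/api/lookup` path, and log lines are all constructed for illustration.

```python
"""Added example, not Trello's or Atlassian's code: a toy email-to-account
lookup endpoint in a weak form and a hardened form, plus a log heuristic that
flags enumeration-style use of such an endpoint. All names, tokens, paths and
log lines are constructed for illustration."""
from collections import defaultdict
import hmac
import re
from typing import Optional

# Constructed account store; addresses and names are made up.
ACCOUNTS = {
    "alice@example.com": {"id": "usr_001", "username": "alice_w"},
    "bob@example.com": {"id": "usr_002", "username": "bobby"},
}
# Constructed (hypothetical) session tokens mapping to the user that holds them.
SESSIONS = {"tok_alice": "usr_001"}
OUTBOX: list = []  # constructed stand-in for an outbound mail queue


class Unauthorized(Exception):
    """Raised when a request carries no valid session token."""


def lookup_by_email_weak(email: str) -> Optional[dict]:
    """Weak design: no authentication is required, and the response differs
    between a known address (profile returned) and an unknown one (None), so
    any caller can test arbitrary addresses and learn which belong to accounts."""
    return ACCOUNTS.get(email.strip().lower())


def _authenticate(token: Optional[str]) -> str:
    """Return the user id for a valid token, comparing in constant time."""
    if token is not None:
        for known, user_id in SESSIONS.items():
            if hmac.compare_digest(known, token):
                return user_id
    raise Unauthorized("valid session required")


def _queue_invitation(from_user: str, to_address: str) -> None:
    """Deliver the invitation out of band; only the address owner sees it."""
    OUTBOX.append((from_user, to_address))


def invite_by_email_hardened(email: str, token: Optional[str]) -> dict:
    """Hardened design: invite-by-email still works, but (1) the caller must be
    authenticated, and (2) the response is identical whether or not the address
    belongs to an account and never contains the other user's profile. Any
    account match is resolved server-side and is not echoed back."""
    inviter = _authenticate(token)
    _queue_invitation(from_user=inviter, to_address=email.strip().lower())
    return {"status": "invitation_queued"}


# Constructed request log lines in a hypothetical format:
# timestamp, client ip, request path carrying the looked-up address, status.
SAMPLE_LOG = """\
2024-01-10T10:00:01Z ip=203.0.113.5 GET /api/lookup?email=a1@example.net 200
2024-01-10T10:00:01Z ip=203.0.113.5 GET /api/lookup?email=a2@example.net 404
2024-01-10T10:00:02Z ip=203.0.113.5 GET /api/lookup?email=a3@example.net 404
2024-01-10T10:00:02Z ip=203.0.113.5 GET /api/lookup?email=a4@example.net 200
2024-01-10T10:00:03Z ip=198.51.100.7 GET /api/lookup?email=alice@example.com 200
2024-01-10T10:00:09Z ip=198.51.100.7 GET /api/lookup?email=bob@example.com 200
"""
LOG_RE = re.compile(
    r"ip=(?P<ip>\S+) GET /api/lookup\?email=(?P<email>\S+) (?P<status>\d{3})"
)


def flag_enumeration_sources(log_text: str, threshold: int = 3) -> dict:
    """Return {ip: distinct_addresses} for sources that looked up at least
    `threshold` distinct addresses. Distinct-address count, not request count,
    is the signal: a legitimate inviter repeats a handful of addresses, while
    an enumerator rarely repeats one. Misses (404) count as well, because a
    miss tells the caller exactly as much as a hit does."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            seen[m["ip"]].add(m["email"].lower())
    return {ip: len(addrs) for ip, addrs in seen.items() if len(addrs) >= threshold}


if __name__ == "__main__":
    print("weak lookup, known address:", lookup_by_email_weak("alice@example.com"))
    print("weak lookup, unknown address:", lookup_by_email_weak("nobody@example.com"))
    print("hardened, known:", invite_by_email_hardened("alice@example.com", "tok_alice"))
    print("hardened, unknown:", invite_by_email_hardened("nobody@example.com", "tok_alice"))
    print("flagged sources:", flag_enumeration_sources(SAMPLE_LOG))
```

The hardened handler keeps the product feature the statement describes (inviting someone to a public board by email) while removing the oracle: the caller gets the same reply for every address, and the invitee's profile never leaves the server. The detection heuristic is deliberately based on how many distinct addresses a source queries rather than on raw request volume or status codes, since an enumeration run against a lookup endpoint is characterised by breadth of addresses, not by errors.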

in Security, Posted by log1l_ks