A threat actor going by the moniker “Emo” has leaked 21GB of data allegedly belonging to Trello and containing more than 15 million unique email addresses.
Trello is a popular web-based project management tool made by Atlassian.
According to the threat actor, who posted the data on a popular illicit marketplace, the company “had an open API endpoint that allows any unauthenticated user to map an email address to a Trello account.” This allowed email addresses to be linked to Trello accounts.
The hacker boasts that “this database is very useful for doxxing,” as personal emails are matched to full names and usernames. The data also includes profile URLs and various other information for status, settings, and limits, as first observed by Hackread.com.
According to the black hat, the breach occurred on January 16th, 2024. At first, the hacker used existing breached databases to match emails to Trello accounts but later expanded the attack.
“I just decided to keep going with emails until I was bored,” the post on the illicit forum reads.
The threat actor posted the data for free, although previously they tried to sell it.
HackManac (@H4ckManac) posted on July 16, 2024:
⚠️#DataLeak - Trello
Trello: 15,111,945 User Records Leaked (Again)
The same threat actor who on January 16th had put up for sale more than 15 million Trello user records is now offering the data again and making it available for free.
Compromised data: Email addresses,… https://t.co/ooB8zLF98H
“We are aware of claims made by a threat actor about Trello user profile data. We completed an exhaustive investigation and have not found evidence to support that this data was gathered by unauthorized access. All evidence points to a threat actor testing a pre-existing list of email addresses against publicly available Trello user profiles. The security and privacy of our users' data is our highest priority, and we continue to monitor Trello closely for any unusual activity,” Trello said.
The company informed users a few months ago in a community post.
“The Unholy Trinity of API security is alive and well. API endpoints not being tracked or authenticated, and containing sensitive data, all seem to be at the heart of these types of breaches. Grabbing emails from the system puts context with the emails,” said Jason Kent, Hacker in Residence at Cequence.
Trello users should be aware of at least two things that may happen after the leak.
“They'll likely get emails mentioning their association with Trello. Be cautious with any emails from Trello, verification can be difficult, but definitely don't click any links. The other thing is some work on the attacker’s side. They have to find a matching password. The attackers will look at old breach data for the email and try that password first, then they will begin validation,” Kent warns.
It is a common practice for cybercriminals to gather credentials from different dumps, combine the data, and then sell it to other cyberattackers.