1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • 15 million Trello users at risk after unknown hacker uses proxy s

    From TechnologyDaily@1337:1/100 to All on Wed Jan 24 14:15:04 2024
    15 million Trello users at risk after unknown hacker uses proxy service to scrape data emails, usernames, full names and other accounts info are available for sale on hacking forum

    Date:
    Wed, 24 Jan 2024 14:06:41 +0000

    Description:
    Hacker associated public Trello profile data with private emails, opening the gates for spear phishing attacks.

    FULL STORY ======================================================================

    A threat actor has put some 15 million people at risk by managing to link their private email addresses with public data from their Trello accounts.

    A hacker with the alias emo took to a popular hacking forum recently, where they offered a database of more than 15 million Trello members for sale.

    "Contains emails, usernames, full names and other account info. 15,115,516 unique lines," BleepingComputer cited the ad. "Selling one copy to whoever wants it, message on me on-site or on telegram if you're interested." Abusing APIs

    Trello has now came forward with a statement, saying its systems were not breached, and that the information in the database was public and scraped.

    "All evidence points to a threat actor testing a pre-existing list of email addresses against publicly available Trello user profiles," Trellos owner, Atlassian, said in a statement.

    "We are conducting an exhaustive investigation and have not found any
    evidence of unauthorized access of Trello or user profiles.

    However, this might not be entirely correct. Emo told the media that they
    used a publicly exposed API to link email addresses to public Trello
    profiles.

    The API was designed to allow developers to query for public information on peoples profile, based on Trello IDs and usernames, but emo found that emails can also be queried this way, effectively associating public profile information to an email address which would, otherwise, remain hidden. The
    API was publicly accessible, the hacker added. Now, it requires users to log in, but a free account will suffice.

    The problem here is that hackers can now know which email address was used to create a Trello account, information which can be abused in targeted and highly sophisticated phishing attacks. Knowing that Trello is a project management board used mostly by professionals only makes it more dangerous. More from TechRadar Pro Collaboration tools are more popular than ever, but they have an insidious side Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/trello-api-leak-puts-around-15-million- users-at-risk-heres-what-we-know-so-far


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)