1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Asana admits one of its AI features might have exposed your data

    From TechnologyDaily@1337:1/100 to All on Wed Jun 18 15:15:08 2025
    Asana admits one of its AI features might have exposed your data to other users

    Date:
    Wed, 18 Jun 2025 14:02:00 +0000

    Description:
    A bug in a newly introduced Asana tool was leaking data for a month, potentially exposing businesses to risk.

    FULL STORY ======================================================================Asana AI-powered tool had a bug which exposed user data to other users It was fixed after a month, but users should be on their guard

    Popular project management platform Asana is warning users a newly-introduced tool may have leaked their data to others on the service

    Research from security experts UpGuard noted in early May 2025, Asana introduced Model Context Protocol (MCP) server, a tool that lets AI products such as ChatGPT or Copilot interact with Asanas Work Graph.

    This allows users to query for information using natural language, manage their tasks and projects with the help of AI, and get real-time updates using the MCP standard.

    Save up to 52% off Lifelock Identity Theft Protection!

    Your personal info is in endless places. And any one of them could accidentally expose you to identity theft. That's why LifeLock monitors hundreds of millions of data points a second for identity theft. LifeLock.
    For the threats you can't control.

    Preferred partner ( What does this mean? ) View Deal A month of leaks

    However, the tool was implemented with a bug that exposed data from Asana instances to other MCP users.

    Not all data was exposed, though, as it was limited to each users access scope.

    Still, given that many enterprises rely on Asana when managing important
    tasks and large projects, it could mean sensitive information was leaked
    (such as project metadata, team details, discussions, uploaded files, and similar).

    Asana apparently discovered the bug on June 4, meaning the platform was leaking data for a month - the company is sending out notices with links to communication forms to impacted organizations, but apart from that its
    staying relatively silent on the matter.

    We dont know if any users suffered any meaningful damage as a result of this flaw, but the company did tell BleepingComputer that it impacted roughly
    1,000 customers. It has more than 130,000 paying customers all over the world including, according to some sources, heavy hitters such as Spotify, Uber, or Airbnb.

    In any case, users should review Asana logs for MCP access, review generated AI summaries, and report to Asana if they see information seemingly coming in from a separate organization.

    Furthermore, users are advised to set LLM integration to restricted access
    and pause auto-reconnections and bot pipelines for the time being. You might also like One of Google's "big AI" projects uncovered some serious security threats seemingly all on its own Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/asana-admits-one-of-its-ai-features-mig ht-have-exposed-your-data-to-other-users


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)