Atlassian changed Trello’s API access settings after a cybercriminal posted 15 million records on an underground forum. An excerpt of the data was published in January.
Advertisement
The data includes users’ email addresses, linked to their names and profile names. The data was accessed using a public REST API, which allows users to invite other members or guests to their public boards via email addresses.
The attackers sought information such as Trello users’ names via email addresses and links. They were posted on underground forums and offered for $2.32 by the same account that published data from the family tracking app, Life360.
Only authenticated users can request data
Now a change has been made, As Atlassian told Bleeping Computer, “So that unauthenticated users/services cannot request another user’s public information via email.” According to Atlassian, now, only “authenticated users can continue to access publicly available information on another user’s profile via this API.” The company intends to continue monitoring the use of the API and “take all necessary measures.” Users should also continue to have the option to invite others to public boards via email.
The data can be used by malicious actors for targeted phishing or credential stuffing attacks to discover passwords or access other services. Users can Am I under arrest? Check if your access data has been leaked. The Have-I-Been-Punched project already added Trello data to its repository in January.
Updates
How to fix the Windows crash that caused the global computing crash July 19, 2024,
12:36
Watch
Adds information from Atlassian and corrects that Trello has not confirmed the outflow of 15 million email addresses. Trello has changed its security settings.
(Mac)
The rise of platform engineering – the next big thing?
