Tech
Personal Details of 15 Million Trello Users Allegedly Sold on Hacking Forum
More than 15 million Trello users have reportedly been compromised as their personal details are being sold on a popular hacking forum, according to the cybersecurity service Have I Been Pwned. The service, which alerts individuals when their email address appears in a batch of stolen data, suggests that Trello has not experienced a direct security breach, but rather, hackers have harvested user information by scraping the website.
The email warning sent by Have I Been Pwned states, “In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum.” The data allegedly contains over 15 million email addresses, names, usernames, and more. The information was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello has claimed that no unauthorized access occurred.
A screenshot shared on Twitter (formerly Twitter) displays a snippet from the Dark Web hacking forum where the data is purportedly being traded. The screenshot states that the file comprises emails, usernames, full names, and other account information, and the hacker is offering to sell copies to interested parties. The hacker invites potential buyers to contact them through the Telegram messaging service.
At the time of writing, Trello owner Atlassian has not provided a comment regarding the reported incident.
While Trello’s database may not have been directly breached, the compromised information could still be leveraged for targeting Trello customers. These stolen databases are frequently exploited for phishing attacks, where fraudulent emails are sent to customers under the guise of coming from the company itself. These emails typically request users to change their passwords or input payment details, granting the attackers a more valuable trove of data to exploit.
Despite these developments, Trello has not yet issued any official warning to its customers.
Trello, an Australian software firm, was acquired by Atlassian in 2017 for a sum of $425 million. The project-management tool is widely used in the tech industry to track the progress of IT projects. Its popularity soared during the pandemic when teams found themselves working remotely and lacking direct communication channels.