
The data of 15 million-plus Trello users has been put up for sale on the dark web. The dataset reportedly includes the full names, emails, and usernames of Trello users.

On Jan. 17, cybersecurity firm Hack Manac said a member of a dark web forum advertised the dataset containing 15,115,516 unique lines of data belonging to Trello users.

“The cybercriminal, who goes by the name ‘emo,’ claims that the database includes data such as emails, usernames, full names, and other account information,” Hack Manac tweeted.

On Monday, Troy Hunt, the operator of the data breach monitoring service Have I Been Pwned, confirmed the news. Hunt said, “it looks like someone had themselves a collection of breaches in public circulation, grabbed all the email addresses from them, and then threw them at Trello to see which ones returned results.”

Trello’s parent company, Atlassian, reassured Trello users on Tuesday, explaining that the leaked data was not new and that users should not be alarmed.

Data Available for Sale

Hack Manac shared a screenshot of the dark web forum post advertising the Trello dataset. “Selling one copy to whoever wants it, message on [sic] me on-site or telegram if you’re interested,” the post reads.

According to Atlassian, there’s no “evidence to support that this data was gathered by unauthorized access.” The company believes that the threat actor used a pre-existing list of email addresses to look up public Trello user profiles.

Meanwhile, the seller told Bleeping Computer they used “a publicly exposed API” to “associate email addresses with public Trello profiles,” confirming Atlassian’s statement.

There have been numerous data breaches this month. U.S. mortgage and loan giant LoanDepot suffered a data breach affecting over 16 million customers, and at least 26 billion records have been exposed in what has been described as the largest data leak ever.

How to Protect Your Trello Account

This breach increases the potential for targeted phishing attacks on Trello users, as it connects private email addresses with public Trello profiles.

While Atlassian reassured its users that the leaked data was already public, the company advised users to review whether they have any sensitive information exposed on their public profiles.

We recommend enabling two-factor authentication (2FA) and using strong, unique passwords to secure your Trello account. Remember, never use the same password for more than one account.

Consider using a top-tier password manager like NordPass for enhanced security. Worried your data was leaked? You can search on Have I Been Pwned to see if your email address or other information has been leaked online.
