Cyberattack exposes millions of Trello emails
Over 15 million email addresses linked to Trello accounts were leaked due to an unsecured API.
Over 15 million email addresses linked to Trello accounts have been leaked on a hacking forum. The data breach occurred due to an insecure API, allowing unauthorised users to access non-public email addresses alongside public profile information. This data and full names pose significant risks for targeted phishing and doxxing attacks.
The threat actor, known as ’emo,’ initially sold the data on a hacking forum in January before releasing the entire list recently. Atlassian, the owner of Trello, confirmed the vulnerability was secured earlier this year. However, the exposure highlights the increasing risk posed by unsecured APIs.
Why does it matter?
This incident follows similar breaches, including those affecting Facebook and Twitter in recent years. Ensuring robust security for API endpoints is crucial in protecting user data from such threats.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.