The popular platform was hacked back in January, and now the story has a follow-up.
At the end of January, we reported that Trello, the productivity platform used by many, had been hacked and the data of 15 million users had been taken. There were also reassuring factors: no passwords were exposed, and the e-mail addresses themselves did not come from Trello but from lists that were already circulating elsewhere; what the attacker gained was the link between those addresses and Trello accounts.
As it later turned out, the perpetrator put the data set up for sale on a popular dark web marketplace, apparently without success, because now, half a year after the incident, he has resurfaced and is offering the entire database for money, though almost for free.
BleepingComputer reported that the cybercriminal responsible for the hack, a certain “emo”, is selling the database on the Breached hacker forum for a price that, by the site’s calculation, corresponds to approximately 2.32 dollars, or only HUF 830. It sells for roughly the price of a bar of chocolate.
“Trello had an open API endpoint that allowed any unauthenticated user to map an email address to an account. Originally, I only wanted to feed the endpoint with emails from ‘com’ databases (OGU, RF, Breached, etc.), but I decided to continue with the emails until I got bored,”
said the perpetrator. Trello initially denied that it had been hacked and maintained that the attacker had built his database from public and scraped information, but it has now confirmed that the incident was made possible by an API that was too permissive:
“The Trello REST API used to allow Trello users to invite members or guests to their public boards by email address. However, given the abuse of the API revealed in the January 2024 investigation, we have changed it so that unauthenticated users/services can no longer request another user’s public information by email, while authenticated users can still query information that is publicly available on another user’s profile using the API. This change balances preventing API abuse against keeping the ‘invite to a public board by email’ feature working for our users. We will continue to monitor API usage and take appropriate action.”
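The pattern the two statements above describe, an endpoint that turns an email address into account data for anyone who asks, is a textbook account-enumeration weakness. Below is an added illustration from this editor, not Trello’s code or API: a hypothetical in-memory lookup endpoint in its pre-fix and post-fix forms, the attacker’s loop that sweeps a leaked email list through it, and a simple detector that spots such a sweep in access logs. The account store, the log lines, the `/api/members/lookup` path and the IP addresses are all constructed for the example.

```python
"""Hypothetical model of an email-to-account lookup endpoint (editor's
illustration, not Trello's implementation)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# Constructed sample account store: hypothetical users, not real data.
USERS = {
    "alice@example.com": {"username": "alice_w", "full_name": "Alice Wong"},
    "bob@example.com": {"username": "bob42", "full_name": "Bob Ortiz"},
}

Response = Tuple[int, dict]


@dataclass
class Request:
    email: str
    authenticated: bool
    client: str  # session id when authenticated, otherwise source IP


def lookup_vulnerable(req: Request) -> Response:
    """Pre-fix behaviour as the page describes it: any caller, authenticated
    or not, resolves an email to the account's public profile. A known
    address returns 200 with data and an unknown one 404, so the endpoint is
    also an oracle for whether an email has an account at all."""
    profile = USERS.get(req.email)
    if profile is None:
        return 404, {"error": "no such member"}
    return 200, dict(profile)


class RateLimiter:
    """Fixed-window counter per caller; the limit is an illustrative value."""

    def __init__(self, limit: int) -> None:
        self.limit = limit
        self.counts: Dict[str, int] = defaultdict(int)

    def allow(self, client: str) -> bool:
        self.counts[client] += 1
        return self.counts[client] <= self.limit


def make_hardened_lookup(limiter: RateLimiter) -> Callable[[Request], Response]:
    """Post-fix behaviour: unauthenticated callers learn nothing (the same
    401 for known and unknown emails), and authenticated callers are rate
    limited so one session cannot sweep a leaked list. The 200/404 split
    remains for authenticated users because the profile is public by design;
    the limiter is what keeps it from being bulk-harvestable."""

    def lookup(req: Request) -> Response:
        if not req.authenticated:
            return 401, {"error": "authentication required"}
        if not limiter.allow(req.client):
            return 429, {"error": "too many requests"}
        profile = USERS.get(req.email)
        if profile is None:
            return 404, {"error": "no such member"}
        return 200, dict(profile)

    return lookup


def enumerate_emails(handler: Callable[[Request], Response], leaked_emails,
                     authenticated: bool = False,
                     client: str = "203.0.113.5") -> Dict[str, dict]:
    """Replays the attacker's loop: feed previously leaked emails into the
    endpoint and keep every 200 response. Returns {email: profile}."""
    found = {}
    for email in leaked_emails:
        status, body = handler(Request(email, authenticated, client))
        if status == 200:
            found[email] = body
    return found


# Constructed access-log lines (hypothetical path and addresses). One source
# walking many distinct emails is the signature of a sweep; 404s count too,
# because "no account" is also information the attacker collects.
LOG_LINE = re.compile(r"^(\S+) GET /api/members/lookup\?email=(\S+) (\d{3})$")
SAMPLE_LOG = """\
203.0.113.5 GET /api/members/lookup?email=alice@example.com 200
203.0.113.5 GET /api/members/lookup?email=bob@example.com 200
203.0.113.5 GET /api/members/lookup?email=carol@example.com 404
203.0.113.5 GET /api/members/lookup?email=dave@example.com 404
198.51.100.7 GET /api/members/lookup?email=alice@example.com 200
198.51.100.7 GET /api/members/lookup?email=alice@example.com 200
"""


def detect_enumeration(log_text: str, max_distinct_emails: int = 3) -> Dict[str, int]:
    """Counts distinct emails looked up per source and returns the sources
    over the threshold. Keying on distinct emails rather than raw request
    count separates a sweep from a client retrying a single lookup."""
    seen: Dict[str, set] = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            src, email, _status = m.groups()
            seen[src].add(email)
    return {src: len(emails) for src, emails in seen.items()
            if len(emails) > max_distinct_emails}
```

Running `enumerate_emails(lookup_vulnerable, leaked)` over a leaked list returns a profile for every address that has an account, which is the whole attack; the same sweep against `make_hardened_lookup(...)` returns nothing without a session and is cut off by the limiter with one. The threshold in `detect_enumeration` is a stand-in; in practice it is tuned per endpoint and per authenticated identity rather than per IP, since a legitimate client rarely resolves more than a handful of distinct addresses.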
Scraping public profile information in this way may not sound like a particularly dangerous attack, but the value is in the link it creates: every address on an already-leaked list is now confirmed as a live account and tied to that account’s public profile details, which is exactly the context needed for a convincing phishing email. And that can lead to truly damaging consequences, such as password theft, the installation of malicious software, and the like. It is worth checking from time to time on the Have I Been Pwned page whether your email address is among those collected, and if so, change the password on the affected account (and on any other account that reused it), or better yet, get a reliable password manager.
Source: www.pcwplus.hu