Trello User? Your personal information might be on sale for pennies

Trello
(Image credit: Trello)

Whether you're a big team of colleagues or just an individual looking to stay on top of things, Trello is a fantastic tool to organise your life. Unfortunately, it is apparently a great target for hackers.

The organization tool was reportedly was the target of a cyber attack back in January that saw one hacker under the name "emo" get their hands on the Trello account information and full names of some 15 million users. 

Six months later, that information has now appeared on sale on Telegram for a rather humble fee, with BleepingComputer estimating its cost as just $2.32. This means that, if the hack is real, Trello users may now face widespread distribution of their details. 

How was Trello attacked?

Interestingly, the perpetrator of the attack has delivered a Bond-villain-style monologue explaining how they pulled it off, meaning there is no mystery about this alleged cyber attack. 

"Trello had an open API endpoint that allows any unauthenticated user to map an email address to a Trello account," explained emo "I originally was only going to feed the endpoint emails from 'com' (OGU, RF, Breached, etc.) databases but I just decided to keep going with emails until I was bored."

Trello itself originally denied that any breach took place but in a recent statement confirmed that "Given the misuse of the API uncovered in this January 2024 investigation, we made a change to it so that unauthenticated users/services cannot request another user's public information by email."

Next steps for Trello users 

If you're a Trello user, you should be concerned about your data potentially falling into the hands of scammers. Yes, it's not credit card or banking information but even generic account information and your full name being leaked can cause you trouble. 

Pieces of information like this can be put together by threat actors to cause greater damage in what's called a correlation attack. But what can you do the protect yourself?

Well, the first step should be to change your password on Trello, and anywhere else you use that same password. Two-factor authentication may be a pain, but it's a much more secure way to protect your accounts. 

If your information has been compromised, then watch out for an increased amount of spam emails and phishing scam attempts. Additionally, never download a suspicious-looking document or click on a link from an untrusted email. If this sounds stressful, luckily one of the best VPNs could be the answer. Using NordVPN's Threat Protection Pro is a great way to combat phishing scams as it automatically detects and deals with them for you. 

Of course what's even better than dealing with spam automatically is never receiving it, and if you use Surfshark's Alternative ID feature you can forego having to use your real email and details to make a Trello (or other) account. 

TOPICS

Andy is a freelance writer with a passion for streaming and VPNs. Based in the U.K., he originally cut his teeth at Tom's Guide as a Trainee Writer before moving to cover all things tech and streaming at T3. Outside of work, his passions are movies, football (soccer) and Formula 1. He is also something of an amateur screenwriter having studied creative writing at university.

Read more
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
An open lock depicting a data breach
12 million hit in Zacks Investment data breach — how to protect yourself now
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
A phone in hand showing the LastPass logo
Millions stolen from LastPass users in massive attack — what you need to know
An email icon open on a laptop screen
New Google Calendar notification attack could be hiding in your inbox — here's how to protect yourself
An open lock depicting a data breach
The top 10 data breaches of 2024
Latest in VPNs
Proton VPN logo and in-app screenshots
"If you control online, you control everything" – Proton is taking the fight to internet censorship
Chelsea Manning speaking at the NymVPN launch event
Chelsea Manning-backed NymVPN launches in bid to win the "censorship arms race"
ExpressVPN
Calling all students! Protect your online privacy with ExpressVPN's exclusive offer
White NymVPN logo on green graphic background
Introducing NymVPN – could this be the world's most secure VPN?
ExpressVPN Lightway Turbo logo
Fast just got faster – introducing ExpressVPN's Lightway Turbo
ExpressVPN connected on Linux app
ExpressVPN launches huge Linux update – what you need to know
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 18 (#646)
A person on a laptop converting a PDF to a DOC
FBI issues warning over free online file converters that infect your PC with malware
The Find my People feature
Android Find My can now track your friends and family — here's how to use it
Foldable iPhone concept image
Are you sitting down? Here’s what the foldable iPhone could cost
Samsung HW-Q990D soundbar
Samsung’s flagship 2024 soundbar just got bricked by a new firmware update — don’t update
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users