15 million Trello users have personal data leaked on hacking forum
July 2024 by Erez Yalon, VP of Security Research at Checkmarx
Account information of more than 15 million Trello users has been leaked online after a threat actor published it on a hacking forum. This includes full names, email addresses and public Trello account information.
The attack reportedly happened in January, when the threat actor, ‘emo’, claimed to have collected the Trello account email addresses by submitting 500+ million emails to an unsecured API.
Erez Yalon, VP of Security Research at Checkmarx, who is also head of the OWASP Top 10 project, comments:
“The most significant challenge in API security is the area of access control. Four of the 10 listed OWASP API Security Top Ten Risks directly pertain to authorisation and authentication issues. This is much more risky when the vulnerable endpoint has no rate limiting. Although the awareness of the critical nature of API Security is growing, we still encounter instances where API security could be significantly improved. Developers and their managers need to learn from these examples and prioritise securing their APIs to protect users.”