In a significant cybersecurity incident, Trello, the popular project management tool, was at the center of a data breach in January.
An extensive cache of user data was scraped from the platform and surfaced for sale on a well-known hacking forum. The breach on January 16, 2024, compromised a staggering 15,111,945 accounts, exposing sensitive information, including users’ email addresses, names, and usernames.
The method used to extract this data involved enumerating a publicly accessible resource on Trello. The perpetrators used email addresses obtained from previous breaches, indicating a sophisticated approach to targeting and exploiting vulnerabilities in the system.
Despite the alarming nature of the breach, Trello maintained that there was no unauthorized access to its systems. That suggests the breach was executed through a method that didn’t require breaking into the system’s internal networks or databases.
The breach was officially recognized and added to the “Have I Been Pwned” (HIBP) database on January 22, 2024. HIBP is a widely used resource that allows individuals to check whether their data has been compromised in a data breach.
Adding this breach to HIBP serves as a critical alert for the millions of users potentially affected, urging them to take necessary actions such as changing passwords and being vigilant for phishing attempts using their personal information.
How to change a Trello password
To reset a Trello password, users must visit Trello’s recovery page. It’s also possible to change the email address associated with the account by clicking “Manage Account” under the profile photo, then the “Email” tab.