Someone is selling scraped data of millions of users of Trello, a popular a web-based list-making application and project management platform, on a dark web hacker forum.
According to the service, the data was scraped from Trello in January 2024, and “Was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses.”
Whether this incident can be called a data breach is open for debate, but according to Hunt, it can definitely have adverse consequences for some users.
Of course, the scraped data can also be leveraged for targeted phishing and password brute-force attacks.
Users who use the same email and password combination for various online services and have had this combination compromised in previous data breaches are in danger of getting their Trello account hijacked.
Trello has previously been the source of data leaks when users have – accidentaly or due to not understanding specific settings – exposed some of their sensitive data by making their Trello boards public.