Carding Forum
Professional
A member of the cybercriminal forum Breached has leaked more than 15 million email addresses linked to accounts on Trello, a system for managing work projects. The data dates back to January 2024.
Let us recall that at the beginning of the year we reported on the appearance of 15,115,516 user profiles of the Trello.com service on one of the dark web forums. At that time, the compromised information was sold by a participant under the nickname "emo".
As the researchers noted, most of the information in the leak is publicly available information. However, it also includes private email addresses that are associated with the accounts.
Trello owner Atlassian did not go into details about the cyber incident, but emo reported that the data was collected using an unsecured REST API that allows developers to obtain information based on user IDs, names, or emails.
The cybercriminal compiled a list of 500 million email addresses and fed them into an API to find the credentials associated with the account. The result was that 15 million users were identified.
Recently, emo shared his list on the hacker forum Breached.
The leaked archive contains not only email addresses, but also information about accounts, including full user names.
In theory, this information could be used in targeted phishing attacks and doxing (online stalking).
Atlassian representatives confirmed the leak to BleepingComputer and said that the developers closed the Trello REST API loophole in January.
Source
Let us recall that at the beginning of the year we reported on the appearance of 15,115,516 user profiles of the Trello.com service on one of the dark web forums. At that time, the compromised information was sold by a participant under the nickname "emo".
As the researchers noted, most of the information in the leak is publicly available information. However, it also includes private email addresses that are associated with the accounts.
Trello owner Atlassian did not go into details about the cyber incident, but emo reported that the data was collected using an unsecured REST API that allows developers to obtain information based on user IDs, names, or emails.
The cybercriminal compiled a list of 500 million email addresses and fed them into an API to find the credentials associated with the account. The result was that 15 million users were identified.
Recently, emo shared his list on the hacker forum Breached.
The leaked archive contains not only email addresses, but also information about accounts, including full user names.
In theory, this information could be used in targeted phishing attacks and doxing (online stalking).
Atlassian representatives confirmed the leak to BleepingComputer and said that the developers closed the Trello REST API loophole in January.
Source
