Malware
15 Million Trello Users’ Email Addresses Exposed on Hacking Forum: Protect Your Account Now
Discover how 15 million Trello users’ email addresses were leaked on a hacking forum, posing a significant security risk. Learn about the breach’s origins and how Trello is responding to protect users’ privacy and data. Stay informed on the latest online security threats.
A Massive Trello Data Leak: What Happened?
A hacker recently released over 15 million email addresses linked to Trello accounts. These were collected back in January by exploiting an unsecured API. As a popular online project management tool, Trello is used by businesses worldwide to organize data and tasks into boards, cards, and lists.
The Story Behind the Trello Profile Sales
In January, we discovered that a hacker known as ’emo’ was selling profiles of 15,115,516 Trello members on a well-known hacking forum. Although most of the data in these profiles is public information, each profile also contained a non-public email address linked to the account.
At the time, Atlassian, the company behind Trello, did not confirm how the data was obtained. However, emo stated that it was collected through an unsecured REST API, allowing developers to query for public information about a profile based on a user’s Trello ID, username, or email address.
Using a list of 500 million email addresses, emo fed the API to determine which emails were associated with a Trello account. The resulting account information was then combined with the email list to create member profiles for over 15 million users.
The Data Leak Goes Public
Recently, emo shared the entire list of 15,115,516 profiles on the Breached hacking forum for a mere eight site credits (worth $2.32). In a forum post, emo explained, “Trello had an open API endpoint that allows any unauthenticated user to map an email address to a Trello account.”
What does this leak include? Email addresses and public Trello account information, such as the user’s full name. This data can be used in targeted phishing attacks to steal more sensitive information, like passwords. Emo also mentioned that the data can be used for doxxing, enabling hackers to link email addresses to people and their aliases.
Atlassian’s Response
Atlassian confirmed to us that the information was collected through a Trello REST API that was secured in January. In a statement, they said:
“Enabled by the Trello REST API, Trello users have been enabled to invite members or guests to their public boards by email address. However, given the misuse of the API uncovered in this January 2024 investigation, we made a change to it so that unauthenticated users/services cannot request another user’s public information by email. Authenticated users can still request information that is publicly available on another user’s profile using this API. This change strikes a balance between preventing misuse of the API while keeping the ‘invite to a public board by email’ feature working for our users. We will continue to monitor the use of the API and take any necessary actions.”
❖ Atlassian
Unsecured APIs: A Growing Concern
Unsecured APIs have become a popular target for hackers, who abuse them to combine non-public information (like email addresses and phone numbers) with public profiles. In 2021, threat actors abused an API to link phone numbers to Facebook accounts, creating profiles for 533 million users.
Twitter suffered a similar breach in 2022, with hackers exploiting an unsecured API to link phone numbers and email addresses to millions of users. This data allowed for the unmasking of people who post anonymously on social media, posing a significant privacy risk.
Recently, an unsecured Twilio API was used to confirm the phone numbers of 33 million Authy multi-factor authentication app users.
Many organizations try to secure APIs using rate-limiting instead of authentication via an API key. However, hackers can simply purchase hundreds of proxy servers and rotate the connections to constantly query the API, rendering rate limiting useless.
Stay Informed and Stay Safe
As the world of cybersecurity evolves, it’s crucial to stay informed and take the necessary precautions to protect your data. We’re here to help you navigate this complex landscape and keep you updated on the latest threats. Don’t hesitate to contact us for more information, and keep returning for more insights on cybersecurity.
Malware
Fortinet Acknowledges Massive Data Breach: Hacker Boasts Theft of 440GB Files
Fortinet, a network security company, has confirmed a data breach after a hacker claimed to have stolen 440GB of files. The breach is believed to have exposed client information, including email addresses and passwords. Fortinet is investigating the incident and taking steps to mitigate the potential impact on its customers and partners.
You may have heard about the recent data breach at cybersecurity giant Fortinet, and it’s worth taking a closer look at what happened to understand the risks and implications. The company is one of the largest cybersecurity providers in the world, offering a range of products and services such as secure networking devices, network management solutions, and consulting services.
A Threat Actor Strikes
Recently, a threat actor claimed to have stolen a whopping 440GB of data from Fortinet’s Microsoft Sharepoint server. This individual, going by the name “Fortibitch,” announced the theft on a hacking forum and even shared credentials to an alleged storage bucket containing the stolen data.
We have not accessed this storage bucket to verify its contents, but it’s important to note that the threat actor claimed to have attempted to extort Fortinet into paying a ransom to prevent the data from being published. Fortinet, however, refused to pay.
Fortinet’s Response
When we reached out to Fortinet about this incident, the company confirmed that customer data had indeed been stolen from a “third-party cloud-based shared file drive.” They described the breach as involving “limited data related to a small number of Fortinet customers.”
Initially, Fortinet did not disclose the number of affected customers or the nature of the compromised data, but they did state that they had “communicated directly with customers as appropriate.” In a later update on their website, Fortinet revealed that the breach affected less than 0.3% of its customer base and had not resulted in any malicious activity targeting those customers.
It’s also worth noting that Fortinet confirmed the incident did not involve data encryption, ransomware, or access to their corporate network. We have contacted Fortinet with additional questions about the breach, but have not received a reply at this time.
Not the First Time
This isn’t the first time Fortinet has been targeted by threat actors. In May 2023, an individual claimed to have breached the GitHub repositories of Panopta, a company acquired by Fortinet in 2020, and leaked stolen data on a Russian-speaking hacking forum.
A Call to Stay Informed and Vigilant
As this incident demonstrates, even the most prominent cybersecurity companies can fall victim to data breaches. That’s why it’s crucial to stay informed about the latest threats and to take steps to protect your own data and networks. We’re here to help you navigate the ever-evolving cybersecurity landscape and to provide the expertise and support you need to safeguard your digital assets.
Don’t hesitate to reach out to us to learn more about how we can help you stay ahead of the curve in cybersecurity, and be sure to keep coming back for the latest updates and insights.
Malware
Transport for London Reveals Alarming Cyberattack: Customer Data Compromised
Transport for London (TfL) has confirmed customer data was stolen in a cyber attack. TfL’s Oyster card and contactless payment systems were targeted, resulting in a partial shutdown of online services. The transport operator urges users to change their passwords and remain vigilant for potential phishing emails or fraudulent activity.
Did you know that on September 1st, the urban transportation agency, Transport for London (TfL), was hit by a cyberattack? Initially, they assured customers that there was no evidence of data being compromised. However, after further investigation, it turns out that some customer data was indeed impacted, including names, contact details, email addresses, and home addresses.
A Quick Recap of the Cyberattack
The attack was first made public on September 2nd, and since then, TfL staff has been dealing with system outages and disruptions. This includes the inability to respond to customer requests submitted via online forms, issue refunds for journeys paid with contactless methods, and more.
As we now know, the impact on customer data was not as minimal as initially thought. According to TfL’s status page, the investigation revealed that certain customer data had been accessed during the cyberattack.
Moreover, the agency discovered that the hackers may have accessed some Oyster card refund data and bank account number and sort codes for approximately 5,000 customers.
Worried about being affected? We can confirm that affected customers are receiving personalized notifications informing them of the data breach, so be sure to check your email to see if you’re among those impacted.
What Does This Mean for TfL Customers?
As TfL continues to work on remediation efforts, some services remain unavailable. Here’s a quick rundown of what you should be aware of as a customer:
- Live Tube arrival info is unavailable on some digital channels, but in-station and journey planning info is still accessible.
- Applications for new Oyster photocards, including Zip cards, are temporarily suspended. If you need to replace a lost card, call 0343 222 1234 (option 1).
- If you can’t apply for a photocard, keep records of your fares; you might be able to get a refund once the cyber incident is resolved.
- Contactless users can’t access their online journey history.
- Refunds for incomplete journeys using contactless payment methods are unavailable. Remember to always touch in/out. Oyster users can manage refunds online.
- Staff has limited system access, causing delays in online responses.
As of now, no ransomware gang has claimed responsibility for the cyberattack on TfL.
A Wake-Up Call for Better Cybersecurity
This incident serves as a reminder that we must be vigilant when it comes to cybersecurity. Businesses and individuals alike should take the necessary steps to protect their data and systems from cyber threats.
As an IT Services expert in cybersecurity, we’re here to help you stay informed and ensure you’re taking the right precautions to protect yourself from cyberattacks. So, don’t hesitate to reach out to us for advice or assistance. And keep coming back to learn more about how you can stay one step ahead of cyber threats.
Malware
Massive Data Breach Hits Payment Gateway: 1.7 Million Credit Card Users Impacted
A data breach at Indian payment gateway provider Juspay has exposed the personal information of 17 million credit card owners. The compromised data includes names, email addresses, and phone numbers, putting users at risk of phishing attacks. Juspay has assured customers that full card numbers, order information, and passwords remain secure.
Imagine this: you’re enjoying a lovely dinner at your favorite restaurant, and when it’s time to pay, you hand over your credit card without a second thought. What you don’t know is that a cybercriminal has been lurking in the shadows, just waiting for the opportunity to snatch your personal and credit card information. That’s exactly what happened to nearly 1.7 million individuals when payment gateway provider Slim CD suffered a data breach.
The Slim CD Data Breach: What Happened?
Slim CD is a company that provides payment processing solutions for businesses, allowing them to accept electronic and card payments through various platforms. Unfortunately, hackers were able to access Slim CD’s network for almost a year, from August 2023 to June 2024. The company first detected suspicious activity on June 15, 2024, and during their investigation, they discovered the unauthorized access had begun back in August 2023.
According to the notification sent to the impacted individuals, the threat actor had viewed or obtained access to credit card information for just two days, between June 14th and 15th, 2024. The types of data that may have been accessed include:
- Full name
- Physical address
- Credit card number
- Payment card expiration date
Is Your Credit Card Information Safe?
While the exposed information doesn’t include the card verification number (CVV), there’s still a risk of credit card fraud. Nowadays, cybercriminals have become increasingly sophisticated and may use the stolen information to piece together enough data for fraudulent transactions. It’s important to remain vigilant and monitor your credit card statements for any suspicious activity.
What Can You Do to Protect Yourself?
Slim CD has taken measures to strengthen its security to prevent future incidents like this, but it’s crucial for you to take charge of your own cybersecurity. Here are some steps you can take to stay ahead of cybercriminals:
- Regularly monitor your credit card statements for any unauthorized transactions.
- Report any suspicious activity to your card issuer immediately.
- Be cautious when providing your personal and credit card information online or over the phone.
- Consider using a credit monitoring service for added protection.
Don’t Let Cybercriminals Win: Stay Informed and Protected
As the digital landscape continues to evolve, so do the threats posed by cybercriminals. Staying informed about cybersecurity risks and taking proactive steps to protect your personal information is more important than ever before. We’re here to help you navigate the complex world of cybersecurity and ensure your personal data remains secure.
So, don’t let cybercriminals get the upper hand. Keep coming back to learn more about the latest threats and how you can stay protected in the digital age. Together, we’ll make sure that your personal information stays safe and out of the hands of cybercriminals.
Fortinet Acknowledges Massive Data Breach: Hacker Boasts Theft of 440GB Files
Transport for London Reveals Alarming Cyberattack: Customer Data Compromised
Massive Data Breach Hits Payment Gateway: 1.7 Million Credit Card Users Impacted
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
Top Data Protection Officer Certification Courses Reviewed
Malware11 months agoFlagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
- Malware11 months ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
- Data Protection Regulations10 months ago
Top Data Protection Officer Certification Courses Reviewed
- Security Audits and Assessments10 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
- Data Protection Regulations10 months ago
Top 11 Data Protection Training Programs for Compliance
- Data Protection Regulations10 months ago
Navigating Data Protection Laws for Nonprofits
- Data Protection Regulations10 months ago
9 Best Insights: CCPA’s Influence on Data Security
- Security Audits and Assessments10 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist
