Trello

A significant data breach involving the project management tool Trello surfaced in January 2024 when a threat actor named emo posted a database containing information of over 15 million users on a popular hacking forum. The incident was not a direct breach of Trello internal systems but rather a large scale data scraping and credential stuffing operation. The attacker utilized an unsecured API endpoint to link email addresses from previous external leaks with Trello user profiles. This allowed the collection of public and private account details which were then aggregated into a massive searchable database. The exposed data poses risks for targeted phishing and social engineering attacks against project managers and corporate teams worldwide.