Data Breach

Trello Data Breach

15.0M records exposed • January 2024

A hacker found a way to check if any email address had a Trello account and get their name. They did this 15 million times to build a database of Trello users.

What Happened

A hacker exploited an API to link email addresses to Trello accounts, creating a database of 15 million users' information.

Attack method: API enumeration

What Data Was Exposed

Email addresses, Full names, Usernames

Is your business exposed?

What to Do If You're Affected

  1. 1.

    Be aware of targeted phishing

  2. 2.

    Review Trello boards for sensitive information

Lessons for Businesses

  • API enumeration attacks are common
  • Email-to-account linking should be prevented
  • Rate limiting is essential

Related Breaches

Twitter 2022

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices