Trello

2021: Data leak of hundreds of Russian companies due to negligent use of Trello

In April 2021, it became known about the leak of confidential data of hundreds of Russian companies due to the negligent use of Trello project management software. The problem was reported by analysts Infosecurity a Softline company.

According to them, search engines index almost a million public boards of the Trello service, thousands of them contain confidential information. Usually, the boards contain lists of employees and customers, contracts, passport scans, documentation about tenders and product development, corporate account credentials and passwords from various services.

According to the CEO of InfosecurityKirilla Solodovnikov, this situation - "an illustration of the leak which happened not owing to the hacker attack, and as a result of carelessness or negligence of staff of the company".

The secret data of hundreds of Russian companies was leaked due to the negligent use of Atlassian software

As noted in Infosecurity, Russia mainly small and medium-sized businesses use Trello boards, but the latest leak affected the information of hundreds of large organizations. Corporate data from boards of this service already appeared in open access: in 2017, data""Rostelecom, Acronis and, and in MTS the 2018th - the taxi aggregator flowed away from there. Uber However, such a large-scale leak occurred for the first time, experts said.

Infosecurity advised companies to switch to paid specialized services or not to place confidential corporate information in Trello. In addition to the fact that leaked information may fall into the hands of hackers, companies may also face fines for disclosing personal data of customers, analysts say.

According to Alexander Chernikhov, a leading expert on information security at Krok, the security rules for large companies already include "quite specific instructions on privacy in such applications."^[1]

Notes