. home.aspx

NEWS

home.aspx
   


Posting passwords on Trello leads to latest data exposure mess

June 08, 2018 / Michael Heller

Amazon Web Services and Google Groups have seen data exposures due to poor configurations by users. Now, some have accidentally shared passwords on Trello boards. Data exposures in web applications and cloud services are becoming more in fashion these days, and Trello is the latest service being used poorly in the enterprise. According to an investigation reported by Brian Krebs, Flashpoint security analyst David Shear discovered hundreds of boards exposing data and passwords on Trello from government agencies, healthcare organizations and others. This follows news that large enterprises and government agencies accidentally set Amazon Web Services buckets and Google Groups to public. By default, Trello boards are either password-protected or visible only to team members. However, it is possible to share boards with anyone on the web, and the contents of those boards can even be indexed by search engines. Shear found organizations sharing logins and passwords on Trello for corporate Wor...