Hands up who’s used the increasingly popular online collaboration platform Trello?

Trello is great for organising to-do lists and for coordinating team tasks.

But it has its downsides too. While the default for Trello boards is set to ‘private’, many users set them to ‘public’ which means that anyone can see what’s posted there.

Not only that, search engines such as Google index public Trello boards, making it simple for anyone to uncover the boards’ contents using a specialised type of search called a ‘dork’.

And it’s surprising how much sensitive data there is.

Our global cybersecurity operations director at Sophos, Craig Jones, has been keeping an eye on this for a couple of years, first tweeting about it in 2018.

> One of the worst Trello boards I came across, a HR onboarding Trello board, it's been reported and removed now. It had so much PII I nearly ran out of blue. #passwords #infosec /ZK3fpeKNpH
>
> - Craig Jones April 17, 2018

When news broke last week about office space company Regus exposing the performance ratings of hundreds of its staff via a public Trello board, Craig thought he’d take another look at what’s out there.

An enthusiastic Trello user himself, Craig quickly found a trove of highly sensitive data sprayed out by sizeable numbers of public Trello boards.

He found a board from a housing company detailing the fixes needed in each accommodation, including broken door locks:

Craig also discovered a staff board for what appears to be some sort of facilities company that listed names, emails, dates of birth, ID numbers, bank account information, and more:

And then there’s an HR board that details a specific job offer to someone, including their salary, bonus and contractual obligations:

He found a board relating to an Australian pub which included details of customer fraud, bucketloads of gmail and social media passwords, and API keys, passwords and credentials belonging to a global IT household name.

Craig has contacted the companies where he can, to inform them their data is publicly accessible.

Why do people set sensitive boards to public?

One would assume, in most cases, this is not deliberate.

The design of Trello has changed over the years so it might be related in part to a past issue.

It’s also possible that some are made public by one individual for a legitimate reason, the security implications of which are lost on other users of the same board.