A new bit of research from David Shear at security firm Flashpoint found that there are hundreds if not thousands of open Trello boards containing passwords, login credentials, and other potentially sensitive stuff including employee on-boarding documents.
He and Brian Krebs reported the boards to Trello although some folks have already been notified by well-meaning hackers who wrote Change your password on some of these public boards.One particularly jarring misstep came from someone working for Seceon, a Westford, Mass.
cybersecurity firm that touts the ability to detect and stop data breaches in real time, wrote Krebs.
But until a few weeks ago the Trello page for Seceon featured multiple usernames and passwords, including credentials to log in to the companys WordPress blog and iPage domain hosting.Another Trello board made at Red Hat in 2017 offered passwords to a pair of online test servers.Trello worked with the pair to take down the public boards they found and is working with Google to remove the cached sites.We have put many safeguards in place to make sure that public boards are being created intentionally and have clear language around each privacy setting, as well as persistent visibility settings at the top of each board, said a Trello spokesperson.Missteps like these are sadly common.
Another rich trove of user data, Github, has been used to find private passwords for years.
Anecdotally, a project I was working on suffered a breach when the CTO put a Bitcoin private key into some public Github code.
Yeah.
Exactly.So, again, keep your Trello boards private, dont paste passwords willy-nilly, and maintain at least a basic level of operational security by not pasting passwords into any site that could make it public.
Its hard but definitely worth the effort.
Music
Trailers
DailyVideos
India
Pakistan
Afghanistan
Bangladesh
Srilanka
Nepal
Thailand
StockMarket
Business
Technology
Startup
Trending Videos
Coupons
Football
Search
Download App in Playstore
Download App
Best Collections