Attention! Attention! Review info on your public Trello boards!

Hi community! 

 

Trello is awesome product, but we need to consider security. 

If you have use the public boards publicly available on Internet you might be exposing more information than intended! See below :)

 Everyone knows the Google indexing so much info from web sites.
In fact, if you write the correct request you can get sensitive information from Trello user boards.

For example:

Also you can find for other domain and interesting phrases.

 

Conclusion:

  1. Please, review info on your boards.
  2. Change passwords any other credentials
  3. Don't put sensitive info on trello boards!
  4. And push Trello support to remove indexed page from Google cache, and other search platforms like Yandex, Yahoo.
  5. If you have the Premier support, let's raise issues about stop indexing and remove from Google cache.


Hope it helps!
I will be happy if you send to other users this info.
In my opinion, so much users from the it world parse info.
Also you can help to prevent use the sensitive data just suggest some static checker on Trello side like Sonar (popup window if find word password), also stop indexing ( I mean review robots.txt).

 

 

 

Thanks
Cheers,
Gonchik Tsymzhitov

5 comments

Cassie Mayes Atlassian Team May 11, 2018

Hi Gonchik,

When a board is made public, Google is pretty good at getting the content of that board into their index. They're less good about coming back and checking that the board is still public. Once the board is made private, we are reporting the right status to Google (i.e., 404), but they need to be told that this is a permanent state of affairs, not a one-time glitch or programming error.

The request has more weight coming from a non-owner of the site than it does when it comes from the owner. You can help them realize a board is no longer public with the instructions in this article:


http://support.google.com/webmasters/bin/answer.py?hl=en&answer=1663691


Submitting that de-listing request is going to be the best way to remove that listing from Google.

I hope that helps!

Matt Doar I'm New Here May 11, 2018

I see Trello does warn people about their site being indexed by Google, but maybe the default should be that the robots.txt file tells Google *not* not index the site?

@Matt Doar to my understand public boards should not be indexed. 

I hope these a few steps will be good for next step.

0. Stop indexing any boards, only blog, marketing and documenation can be indexed

1. Therefore the better way is remove from google cached indexed pages. 

2. Also I think nice feature is implement some js script which will check static phrases like ( password, credit card number, emails)

3. And the end sometime shows the good practices for the security https://help.trello.com/article/789-changing-the-visibility-of-a-board-to-public-private-or-team

 

@Cassie Mayes thank you for the answer!

 

Cheers, 

Gonchik Tsymzhitov

Hi Gonchik!

Public boards are meant to be indexed. Many organizations use them to house public development boards, planning, and more. A public board is meant to be seen by the public, and removing them across all of Trello from Google would severely impact many use cases. 

In the past, Trello has forced public boards containing login information to become private (or team visible). I am unsure if this is a regular thing they do, or if it was only done the one time. 

However, Trello is pretty clear that the boards will be visible in Google when made public. Unfortunately, many organizations don’t have great security practices and run big risks like this. It’s always good to make sure the organizations using Trello take the time to make sure our boards don’t contain sensitive information :) 

But in my opinion, it would do more harm than good to remove Trello public boards from Google’s index. Many groups use and need this feature. Instead, let’s all spread the word so we are responsible for the sensitive information we manage :)

Gonchik Tsymzhitov Community Champion Friday

Hi! 

 

Looks like not many person wants to clear and conert to the private board with sensitive data. 

And Trello support did not get for me any answer. 

 

 

Cheers,

Gonchik Tsymzhitov

Comment

Log in or Sign up to comment
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Apr 23, 2018 in Trello

Using Trello to manage events

As a Jira power user, I was at first doubtful that Trello could benefit my workflow. Jira already uses boards (ones you can customize!), so why would I even need to use Trello?! In this post you will...

764 views 10 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you