Hey Trello Community,
We are aware of claims made by a threat actor about Trello user profile data. We completed an exhaustive investigation and did not find evidence to support that this data was gathered by unauthorized access. A threat actor, who was in possession of a pre-existing list of email addresses, used those email addresses to lookup public Trello user profiles. The email addresses and the public Trello user profile data were combined to create the final data set.
We want to reassure you that the threat actor only obtained Trello user profile information that was already publicly available and combined this information with email addresses that the threat actor had obtained from another source.
There is no action you need to take related to your Trello account, however, please review your Trello privacy settings to ensure anything in a public field is something you don’t mind being public. To view your public profile, log into Trello and go to trello.com/you.
Moreover, here are some general best practices to keep your account secure:
Enable two-factor authentication on your Trello account.
Use a strong unique password mixing letter, numbers, and special characters.
You can also use a password manager such as LastPass or Bitwarden to generate and manage your account’s password.
We have more details on these practices to increase the protection of your account here: Protect your Atlassian account | Atlassian Support.
If you have additional questions, please reach out to our Trello Support team here.
Erika Storli
Senior Product Marketing Manager, Trello
2 accepted answers
8 comments