Trello Darkweb exposure

Changeling Gaming
I'm New Here
July 24, 2024

Norton dark Web scanner just picked up that my personal data was ripped from Trello and posted onto the dark Web. Doesn't Atlassian have measures to prevent customer data breaches?

4 comments

Dmu22
I'm New Here
July 24, 2024

I have the same notification and question. Why am I getting this notification from Norton and not directly from Atlassian/Trello? This is a flagrant breach of GDPR - you are required to notify me of the breach, the actions to be taken by you and me.

Also how come there is no direct way of contacting the company regarding this - just repetitive drop down menus circa to community boards. 

I will be contacting the UK data commissioner to get further guidance and the actions I am to take on this matter.

Until this is resolved I will retain my account, but once that is done I will ensure my account is deactivated, my data erased and everyone I know also has this same information.

I want a reply from Atlassian to this message!!

Gabriel Furlong
I'm New Here
July 24, 2024

I received it from Google One, looking forward to having feedback

Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 24, 2024

Hi everyone,

I would recommend reading our article over in https://community.atlassian.com/t5/Trello-articles/Setting-the-record-straight-about-Trello-user-profile-data/ba-p/2587253

I believe it explains better about this situation.

Andy

Sal
Atlassian Team
July 24, 2024

Hi everyone!

This is Sal from Trello. We are aware of claims made in January 2024 by a threat actor about Trello user profile data. We completed an exhaustive investigation and did not find evidence to support that this data was gathered by unauthorized access or that there was a breach of Atlassian systems or accounts. Rather, only information that was already publicly available on a user’s Trello account may have been viewed.

To provide more context, a threat actor, who was in possession of a pre-existing list of email addresses, used those email addresses to look up public Trello user profiles. The email addresses and the public Trello user profile data were combined to create the final data set. We want to reassure you that the threat actor only obtained Trello user profile information that was already publicly available and combined this information with email addresses that the threat actor had obtained from another source. We have conducted an exhaustive investigation and have not found any evidence of unauthorized access to Trello or user profiles.

We communicated with our customers in a community post, which you can find here: https://community.atlassian.com/t5/Trello-articles/Setting-the-record-straight-about-Trello-user-profile-data/ba-p/2587253. We can assure you the security and privacy of our users’ data is our highest priority, and we’re continuing to monitor this situation closely for any unusual activity.

For now, there’s no action you need to take related to your Atlassian/Trello account. However, please review your Trello privacy settings to ensure anything in a public field is something you don’t mind being public. To review your public profile, log into Trello and go to https://trello.com/you.

Moreover, here are some general best practices to keep your account secure:

Additionally, you can find more information on Atlassian’s robust security practices here: https://www.atlassian.com/trust/security/security-practices, and how to exercise data subject rights as outlined in our privacy policy here: https://www.atlassian.com/legal/privacy-policy#how-long-we-keep-information.

benjlai
I'm New Here
July 24, 2024

Atlassian’s response so far has been extremely disappointing. I only found out via an alert from Equifax today informing me that my Trello details have been disclosed on the Dark Web. Instead of sending out emails to your 15M customers and alerting them of the breach on the 18th of July, you placed it on a web page which has been viewed 9K times, (0.06%).

Data breaches will happen and once they occur, they are out of your control, but how you respond to them is just as important. Right now, you are failing the most basic due diligence by not informing your customer base directly and giving your own customers the opportunity to update their passwords and enhance their security via 2FA to help protect their data.
