Norton dark Web scanner just picked up that my personal data was ripped from Trello and posted onto the dark Web. Doesn't Atlassian have measures to prevent customer data breaches?
I received it from Google One, looking forward to having feedback.
Hi everyone,
I would recommend reading our article over at https://community.atlassian.com/t5/Trello-articles/Setting-the-record-straight-about-Trello-user-profile-data/ba-p/2587253
I believe it explains this situation better.
Andy
Hi everyone!
This is Sal from Trello. We are aware of claims made in January 2024 by a threat actor about Trello user profile data. We completed an exhaustive investigation and did not find evidence to support that this data was gathered by unauthorized access or that there was a breach of Atlassian systems or accounts. Rather, only information that was already publicly available on a user’s Trello account may have been viewed.
To provide more context, a threat actor, who was in possession of a pre-existing list of email addresses, used those email addresses to look up public Trello user profiles. The email addresses and the public Trello user profile data were combined to create the final data set. We want to reassure you that the threat actor only obtained Trello user profile information that was already publicly available and combined this information with email addresses that the threat actor had obtained from another source. We have conducted an exhaustive investigation and have not found any evidence of unauthorized access to Trello or user profiles.
We communicated with our customers in a community post, which you can find here: https://community.atlassian.com/t5/Trello-articles/Setting-the-record-straight-about-Trello-user-profile-data/ba-p/2587253. We can assure you the security and privacy of our users’ data is our highest priority, and we’re continuing to monitor this situation closely for any unusual activity.
For now, there’s no action you need to take related to your Atlassian/Trello account. However, please review your Trello privacy settings to ensure anything in a public field is something you don’t mind being public. To review your public profile, log into Trello and go to https://trello.com/you.
Moreover, here are some general best practices to keep your account secure:
Additionally, you can find more information on Atlassian’s robust security practices here: https://www.atlassian.com/trust/security/security-practices, and how to exercise data subject rights as outlined in our privacy policy here: https://www.atlassian.com/legal/privacy-policy#how-long-we-keep-information.
Atlassian’s response so far has been extremely disappointing. I only found out via an alert from Equifax today informing me that my Trello details have been disclosed on the Dark Web. Instead of sending out emails to your 15M customers and alerting them of the breach on the 18th of July, you placed it on a web page which has been viewed 9K times (0.06%).
Data breaches will happen and once they occur, they are out of your control, but how you respond to them is just as important. Right now, you are failing the most basic due diligence by not informing your customer base directly and giving your own customers the opportunity to update their passwords and enhance their security via 2FA to help protect their data.