FYI - got a notification about this this morning - just wanted to pass it along
In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.
The same for me, I am following this. What can I do to minimize the effect?
As the Article suggests, no email addresses or names were directly obtained from Trello, only the public bio page was accessed. If it so happens that your email was matched to your Trello username, you may want to ensure that your email address is better protected.
The article sets out the steps you can take to protect yourself:
Enable two-factor authentication on your Trello account.
Use a strong unique password mixing letter, numbers, and special characters.
You can also use a password manager such as LastPass or Bitwarden to generate and manage your account’s password.