"Trello Password Reset" - Why did I receive this mail?

madlozoz April 26, 2018

The mail says:

"We noticed some suspicious activity on your Trello account (...) we think someone may have stolen your username and password from another company's app or website"

But I am logging with my Google account!

When I tried to log in with a password (in case I forgot I had one), I've been answered that a google account can not log in with a password

Is this email a bug or is there something going on with my account???

 

 

3 answers

1 accepted

2 votes
Answer accepted
Mike
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 26, 2018

Hi all,

Mike from Trello Support here.

If you received that email, even though you're primarily logging in with Google, we did have a local password for your account, which was maybe created when you first signed up to Trello. As part of the reset process, I can no longer see exactly what happened with that local Trello password, unfortunately. Depending on the age of your account, you could also have inadvertently requested a password reset at at some point, but I can't say for certain.

Essentially, we spotted suspicious login activity—after some investigation, we determined that a password of yours was acquired from somewhere else, through another service's data breach, and then tested at trello.com, and our force resetting passwords was a safety measure, to be doubly sure that nothing is compromised.

In resetting the passwords, we removed any local, Trello password—this means that if you tried logging in at all, Trello would tell you that the only way you can log in is to use Google, but you can always go to https://trello.com/forgot and set a new password that way, which is what we recommend!

All passwords involved in this incident came from another source. We're not able to tell exactly which breach those came from unfortunately, but you may be able to find more details about exactly which external breach you were compromised in by checking https://haveibeenpwned.com/

If you have any further questions, please don't hesitate to get in touch: https://trello.com/contact

madlozoz April 26, 2018

Thanks. This can match my story

The problem now is that I'm not sure which password I was using in ancient time :D

0 votes
Deleted user April 26, 2018

I received the same message and was confused.  If I use Google (Gmail) to log in, Trello should never have a password on file for me. 

 

This part is also confusing "Because it looks like you may have used a password for Trello that was also used in another app or website that was hacked, we've gone ahead and reset your password just to be safe."

They didn't reset my password because I never set one, and I can still just hit "Login with Gmail" and access my trello information.

I'm confused.

0 votes
Spencer Crocker April 26, 2018

I received that email too today and I also log in with my Google account. Posting to keep track of the answer.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events