Trello is a project management application tool that is available online and through mobile, allowing you to delegate tasks and reach your optimum productivity. And it doesn’t have to be limited to your work life – you can use it in your personal life too. There really are no limits! Plus it’s completely free.

Trello gets its inspiration from Kanban, which is a Japanese system that organises workflow visually, with cards organised into columns often named ‘to do’, ‘doing’ and ‘done’. Or, think of it like sticky notes on a wall, converted to an online tool that you can take around with you anywhere you go – great for working at home or on the go.

Trello allows you to create ‘boards’, whether that be an individual one for a project, or dedicating a board to sets of activities, where you can prioritise your tasks. ‘Watching’ the board also allows you to keep up to date with the updates by emailing you when new ones are made – nifty! Not only this, but you can add team members, assign them tasks, and view an ‘activity feed’ from them, where you can add comments and stay in the loop. Trello then takes it one step further – allowing you to add coloured labels, checklists and due dates. Whether you’re delegating tasks to your team, or planning your family life, Trello can be an effective productivity tool to help you visually view your tasks, allowing you and your team to manage it all in one place.

But individual users may be able to manually share personal boards that include personal or proprietary employer data, information that gets cataloged by Internet search engines and available to anyone with a Web browser.

David Shear is an analyst at Flashpoint, a New York City based threat intelligence company. Shear spent several weeks last month exploring the depths of sensitive data exposed on Trello. Amid his digging, Shear documented hundreds of public Trello boards that were exposing passwords and other sensitive information. KrebsOnSecurity worked with Shear to document and report these boards to Trello.

Shear said he’s amazed at the number of companies selling IT support services that are using Trello not only to store their own passwords, but even credentials to manage customer assets online. “There’s a bunch of different IT shops using it to troubleshoot client requests, and to do updates to infrastructure,” Shear said. “We also found a Web development team that’s done a lot of work for various dental offices. You could see who all their clients were and see credentials for clients to log into their own sites. And they tracked it all via Trello pages.”

One particularly jarring misstep came from someone working for Seceon, a Westford, Mass. cybersecurity firm that touts the ability to detect and stop data breaches in real time. But until a few weeks ago the Trello page for Seceon featured multiple usernames and passwords, including credentials to log in to the company’s WordPress blog and iPage domain hosting.

The (now defunct) Trello page for the Maricopa County Department of Public Health.

Even federal health regulators have made privacy missteps with Trello. Shear’s sleuthing uncovered a public Trello page maintained by - the official Web site of the National Coordinator for Health Information Technology, a component of the U.S. Department of Health and Human Services (HHS) - that was leaking credentials.

There appear to be a great many marketers and realtors who are using public Trello boards as their personal password notepads. One of my favorites is a Trello page maintained by a “virtual assistant” who specializes in helping realtors find new clients and sales leads. Apparently, this person re-used her Trello account password somewhere else (and/or perhaps re-used it from a list of passwords available on her Trello page), and as a result someone added a “You hacked” card to the assistant’s Trello board, urging her to change the password.

One realtor from Austin, Texas who posted numerous passwords to her public Trello board apparently had her Twitter profile hijacked and defaced with a photo featuring a giant Nazi flag and assorted Nazi memorabilia. It’s not clear how the hijacker obtained her password, but it appears to have been on Trello for some time.

Other entities that inadvertently shared passwords for private resources via public Trello boards included a Chinese aviation authority, the International AIDS Society, and the global technology consulting and research firm Analysis Mason, which also exposed its Twitter account credentials on Trello until very recently.

Trello responded to this report by making private many of the boards referenced above; other reported boards appear to remain public, minus the sensitive information.