Trello, a popular online task-management website that organizes to-do lists and coordinates team tasks, has been found exposing a huge trove of private data to the public, according to a report from Naked Security.
While the default setting for Trello boards is set to ‘private’, several users change them to ‘public’, which means that the content posted there can be viewed by anyone.
When a Trello board is made public, a search engine such as Google is efficient at getting the content of that board into its index. This means anyone with a browser, in theory, could see the data, which included names, addresses, performance ratings, and company training videos, simply by using a specialized type of search called a ‘dork’.
Craig Jones, a global cybersecurity operations director at Sophos, has been keeping a watch on the public Trello board for a couple of years now. In fact, he had first tweeted about this in the year 2018.
One of the worst Trello boards I came across, a HR onboarding Trello board, it's been reported and removed now. It had so much PII I nearly ran out of blue… #passwords #infosec pic.twitter.com/ZK3fpeKNpH
— Craig Jones (@albanwr) April 17, 2018
However, the rec ..
Support the originator by clicking the read the rest link below.
