Ryan Crocker : Jan 30, 2024 3:45:18 PM
Approximately 15 million names, usernames, and email addresses linked to public Trello boards have surfaced on the Dark Web for sale, posing a risk of account takeovers and spear-phishing attacks.
Atlassian's Response and API Modification
Atlassian, the parent company of Trello, has responded by making changes to a critical API to prevent future scraping attacks. However, researchers argue that Atlassian downplays its responsibility for the incident.
Exploitation of Trello's API Vulnerability
The hacker, identified as "emo," exploited a vulnerability in Trello's API, conducting a business logic attack. By querying the API with an email address, emo obtained public profiles associated with the email, resulting in the collection of 15 million Trello profiles.
Atlassian's Stance and API Tightening
While Atlassian asserts that no unauthorized access occurred, the company acknowledges the need for API configuration improvement. Changes were made to restrict unauthenticated users from accessing another user's public information via email, while authenticated users still have access to publicly available information.
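The weak and tightened configurations described above, modelled as an added example that is not Atlassian's code: the same email-to-profile lookup with and without an authentication requirement, plus a log check that surfaces the enumeration pattern such scraping leaves behind. The profile fields, the `/profiles/lookup` path and the log format are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample store: the "public profile" data a lookup returns.
# Field names are illustrative, not Trello's actual schema.
PROFILES = {
    "alice@example.com": {"username": "alice_w", "name": "Alice W."},
    "bob@example.com": {"username": "bobby", "name": "Bob B."},
}

def lookup_profile(email, authenticated, require_auth):
    """Model of an email -> public-profile endpoint.

    require_auth=False mirrors the pre-fix behaviour: any caller holding an
    email address can resolve it to a profile, so a list of known addresses
    becomes a list of profiles.  require_auth=True models the tightened
    configuration: unauthenticated callers learn nothing, not even whether
    the address has an account.
    """
    if require_auth and not authenticated:
        return None
    return PROFILES.get(email)

# Hypothetical access-log format (constructed): "<client> GET <path>".
LOG_LINES = [
    "10.0.0.5 GET /profiles/lookup?email=alice@example.com",
    "10.0.0.5 GET /profiles/lookup?email=bob@example.com",
    "10.0.0.5 GET /profiles/lookup?email=carol@example.com",
    "10.0.0.5 GET /profiles/lookup?email=dave@example.com",
    "10.0.0.9 GET /profiles/lookup?email=alice@example.com",
    "10.0.0.9 GET /boards/123",
]
LOOKUP_RE = re.compile(r"^(\S+) GET /profiles/lookup\?email=([^&\s]+)")

def flag_enumerators(lines, threshold=3):
    """Return clients that resolved more than `threshold` distinct emails.

    Scraping by email shows up as one client walking many different
    addresses through the lookup endpoint; ordinary use touches few.
    """
    seen = defaultdict(set)
    for line in lines:
        m = LOOKUP_RE.match(line)
        if m:
            seen[m.group(1)].add(m.group(2).lower())
    return {client for client, emails in seen.items() if len(emails) > threshold}

if __name__ == "__main__":
    print(lookup_profile("alice@example.com", authenticated=False, require_auth=False))
    print(lookup_profile("alice@example.com", authenticated=False, require_auth=True))
    print(flag_enumerators(LOG_LINES))
```

Returning `None` rather than a distinct "not permitted" error for unauthenticated callers avoids turning the endpoint into an account-existence oracle.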
Debates on Trello's Accountability
The incident has sparked debates about Trello's accountability for data scraping. While Atlassian contends that the scraped data was already public, critics argue that Trello should take more responsibility for safeguarding user information.
Hacker's Access to a Vast Pool of Email Addresses
The hacker behind the attack, emo, had access to a vast pool of known email addresses. The Trello email addresses were also linked to accounts at various other services, including Wattpad, Canva, Dropbox, Twitter, Gravatar, and more.
Implications for Businesses and Enhanced Security Measures
Businesses impacted by the data scraping incident should prioritize additional security measures, such as multifactor authentication (MFA), to counter potential risks. Cybersecurity experts warn of increased credential stuffing attacks, emphasizing the need for unique credentials and robust security controls.
Phishing Threats and Exploitation of Context
The aftermath of the data scraping incident also poses a phishing threat. With context from the scraped data, cybercriminals can craft personalized phishing attacks, exploiting the knowledge of users' involvement in specific systems to deceive them into clicking malicious links.
Conclusion: Ensuring Robust API Security and User Accountability
In conclusion, the Trello data scraping incident underscores the importance of robust security measures. Reusing identical credentials across sites increases the risk of compromise, emphasizing the need for heightened vigilance and unique login information.