Trello data exposed

If you are a user of the poular task management service Trello, you should take a few minutes to check you privacy settings.

Although the default option for new boards is ‘Private’, security researchers have discovered many boards that have been set to ‘Public’ by the board owners, either in error or because they misunderstood the implications of changing the settings. To make matters worse, search engines like Google are indexing the data making it very easy to access sensitive information.

Here are some examples of data that has been made publicly available on Trello that was discovered by one security researcher:

  • A staff board for a facilities company that listed names, emails, dates of birth, ID numbers, bank account information, and more.
  • An HR board that details a specific job offer to someone, including their salary, bonus and contractual obligations.
  • A board relating to a pub which included details of customer fraud, Gmail and social media passwords and passwords and credentials belonging to a global IT household name.

So if you are a Trello user, check the status of your boards and set anything with sensitive data in it to “private” or contact the board owner.

Contact Us

Please complete the form below and we’ll be in touch shortly to talk about your requirements in more detail.

Please enable JavaScript in your browser to complete this form.
By clicking Submit you consent to us contacting you regarding this query. We will not use this information for any other purpose or share it with any third parties.

Get In Touch

Fill in the form below to book a 30 min no-obligation consulting session.