Skip to content

15M+ Trello emails dumped on hacking forum for a meagre $2.32

  • by
  • 2 min read

In January 2024, a threat actor named emo released over 15 million email addresses linked to Trello accounts for only $2.32, exploiting an unsecured API.

In January, multiple reports surfaced that a hacker known as ’emo’ was selling profiles of 15,115,516 Trello members on a prominent hacking forum. While most of the data in these profiles were public, each contained a non-public email address associated with the account.

The hacker confirmed to BleepingComputer that the data was collected using an unsecured REST API. This API allowed developers to query public information about a profile based on users’ Trello ID, username, or email address.

Emo compiled a list of 500 million email addresses and fed them into the API to determine their association with Trello accounts. The resultant list was combined with returned account information to create profiles for over 15 million users.

Now, emo dumped all the exfiltered data on the Breached hacking forum for eight site credits, equivalent to $2.32. In a forum post, emo explained, “Trello had an open API endpoint that allows any unauthenticated user to map an email address to a Trello account. I originally intended to use emails from ‘com’ (OGU, RF, Breached, etc.) databases but decided to keep going until I was bored.”

This is an image of data breach featured cybersecurity 113 e1666861228304

The compromised information includes users’ email addresses and publicly available details from their Trello profiles, including full names. This data breach raises concerns about potential phishing schemes, where attackers could use the stolen information to craft convincing messages to trick users into revealing sensitive data like passwords.

Furthermore, security researchers also suggest that the exposed data might be exploited for doxxing purposes. This could allow malicious actors to connect email addresses with real identities and online aliases, potentially compromising users’ privacy and online personas.

It’s important to note that the full extent and potential misuse of this data are still being assessed.

Poorly protected application programming interfaces (APIs) have emerged as a prime target for cybercriminals. Recently, a security flaw in Twilio’s API resulted in hackers leaking nearly 33 million phone numbers associated with the Authy app.

In the News: TAG-100 cyber espionage campaign hits 11 countries

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

Related Reads

How to download print google calendar? | candid. Technology

Chinese hackers are using Google Calendar to target governments

Illustration: jmiks | shutterstock

Fake AI software installers are spreading ransomware

This is an image of router vs wifi

ASUS routers hacked in mass backdoor campaign

This is an image of dark web hacker security

Victoria’s Secret website taken down after cyber attack

This is an image of spyware malware cybersecurity privacy featured 31

Virgin Media’s O2 network exposed customer phone locations

This is an image of malware featured security

Hackers caught using fake AI websites to spread malware

>