Have I Been Pwned | Trello data breach 16 Jan 2024
I got an email titled "You're one of 15,111,945 people pwned in the Trello data breach" from Have I Been Pwned.
Trello is a nice project management tool for everyone from freelancers to small and medium businesses. A lot of people depend on this service.
I got an email (IST 03:05 AM) from Have I Been Pwned (HIBP), a free service that allows users to check if their personal data has been compromised in data breaches.
The first thing I did was check for official email responses from Trello/Atlassian. Surprisingly, I found “0” emails.
The Have I Been Pwned email says:
Date of breach: 16 Jan 2024
Number of accounts: 15,111,945
Compromised data: Email addresses, Names, Usernames
Description: In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.
If it really happened, why didn't Trello or Atlassian notify the users about this potential breach? Or if not, why didn't they clarify it?
So I Googled it…
It really raises concerns about safety and privacy. I believe they have the responsibility to notify users momentarily if something like this happens. This is not a piece of news that a person needs to find out from an external service.
Why haven't any major news platforms covered it yet? If this was fake, why is the company keeping silent?
I checked the Have I Been Pwned website too.
And the link in the above image redirects to a Tweet…
I understand that breaches might happen to online platforms and no one is 100% secure from online threats. But as a legitimate platform, you have the responsibility to notify users, so that they can be prepared or be alert.
Please don't think that it is just “Email addresses, Names, Usernames”. That is enough for online identity theft.
I struggled a lot to keep my email free from spam and phishing emails. It took many months to clear all the spammy emails. Now it will happen again, I think.
I haven't used Trello for a long time now, so I logged in again to check whether they pushed any in-app alerts in the web app. So far nothing.