15M Trello accounts have been leaked - eviltoast

I just got the email from haveibeenpwned. F Trello.

  • CosmicTurtle@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    7
    ·
    11 months ago

    Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.

    • never use the same username and password in two or more places
    • always use MFA, a hard token if you can like a yubikey
      • brian@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        all the root secrets are available in plain text the generator app at some point, they have to be. moving that to a single purpose device greatly reduces the risk of vulnerabilities in your phone leading to exfiltration via internet connection

      • Kayel@aussie.zone
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        11 months ago

        I cannot think of a use-case outside of statecraft. Maybe companies engaged, or being engaged, in corporate espionage.

    • Paragone@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      9
      ·
      11 months ago

      Do you own a Yubikey?

      Have you ever succeeded in getting it to work with anything??

      It didn’t work with gmail, or any other online account I had.

      An absolute waste of $$.