Trello's 15M API Breach: What the Hack?!?

Published: 14 February 2024
on channel: Erik Wilde

On January 16, 2024, an attacker by the name "emo" put 15,115,516 user profiles up for sale on the dark web. What the Hack happened?!? Let's take a closer look at how this happened and what would have been necessary to prevent it.

The user data included "emails, usernames, full names and other account info" according to the post on the dark web forum. While Trello user profiles are publicly accessible, they are not associated with personal email addresses. This breach connected the public info with the private email details.

In this video with Dan Barahona we look at how the breach took place, how the attacker leveraged weak authentication and collected 500M exposed email addresses to harvest 15M Trello user accounts, and learn how this attack maps to the API Security Top 10.

Read more about the breach here:

Register for APIsec University's free OWASP API Security Top 10 course here:

Visit the API Security Top 10 project page:

