The data of several hundred Russian companies that used the free online project manager Trello has been made publicly available. Among the hundreds of thousands of leaked boards are those containing confidential information.
Data from boards of free online project manager Trello, which were maintained by Russian companies, was made publicly available. Leaked data of several hundred large companies and thousands of small and medium-sized businesses were found by analysts of Infosecurity a Softline company.
The company specified that in Russia, Trello boards are mainly used by small and medium-sized businesses, and there are representatives of large organizations, including banks.
Kirill Solodovnikov, CEO of Infosecurity, called the entry of corporate data in the network "an illustration of a leak, which occurred not due to hacker attacks, but as a result of inattention or negligence of company employees".
According to Infosecurity, organizations post lists of employees and customers, contracts, passport scans, documentation related to participation in tenders and product development, as well as credentials of corporate accounts and passwords to various services.
"Usually it is not difficult to determine from which organization the information leaked. Its name often appears either in the name of the board or in the description of tasks," added the experts.
Analysts Infosecurity found that nearly a million public boards of service Trello are currently indexed by search engines, and thousands of them contain confidential information. So, now, according to thematic queries in search engines, there are more than 9000 boards with mentions of logins and passwords.
Trello belongs to the Australian software developer Atlassian, other similar free services include Evernote, Wunderlist, XMind, Notion. Data from Trello boards were already in the public domain, but this was the first time such a large-scale leak occurred.
Sergei Novikov, deputy head of the Kaspersky Lab's Threat Research and Analysis Center, noted that the service is used by cyber groups to coordinate their activities. Infosecurity told about detecting a board in Trello, which belonged to a group of fraudsters who specialize in deceiving credulous foreigners under the "Russian brides" scenario when the hunt is conducted for those willing to meet young girls from Russia.
"Hackers could use data from the boards, for example, to attack companies' clients or hack corporate Instagram accounts, as in the fall of 2020," added Infosecurity.
Experts warned that data leaks could also lead to fines for violations of the law on personal data, for example, it contradicts the storage of scans of clients' passports in public storage located abroad.
