Passwords, personal data and more – are your staff sharing more about your business than you think?
Security researchers recently found mountains of personally identifiable information (PII) which had been inadvertently made public through Trello, a web-based task management app.
This included passwords, bank account details, and people’s employment and medical details, all of which could have been exposed to anybody – including competitors and cybercriminals.
Accidental disclosure
Trello lets you organise tasks using ‘boards’, which are set to ‘private’ by default. But many users changed their boards to ‘public’ in order to collaborate with colleagues – with the unintended side-effect of making them visible to anyone.
The employees involved didn’t deliberately make the information public, and therefore wouldn’t have realised the information was out there.
To compound the problem, Google’s search bot had thoroughly indexed Trello’s public boards, meaning they could be easily found using a standard web search.
The discovery was made by Craig Jones of cybersecurity company Sophos. Among the findings, one company had accidentally published performance ratings of 900 managers on a public Trello board.