
Ulancer.com


A friendly reminder: Don’t put passwords in Trello

  • by Ulancer Contributor
  • In Startups
  • — 7 Jun, 2018

A new bit of research from David Shear at security firm Flashpoint found that there are hundreds, if not thousands, of open Trello boards containing passwords, login credentials, and other potentially sensitive stuff, including employee on-boarding documents. He and Brian Krebs reported the boards to Trello, although some folks have already been notified by well-meaning hackers who wrote “Change your password” on some of these public boards.

“One particularly jarring misstep came from someone working for Seceon, a Westford, Mass. cybersecurity firm that touts the ability to detect and stop data breaches in real time,” wrote Krebs. “But until a few weeks ago the Trello page for Seceon featured multiple usernames and passwords, including credentials to log in to the company’s WordPress blog and iPage domain hosting.”

Another Trello board made at Red Hat in 2017 offered passwords to a pair of online test servers.

Trello worked with the pair to take down the public boards they found and is working with Google to remove the cached sites.

“We have put many safeguards in place to make sure that public boards are being created intentionally and have clear language around each privacy setting, as well as persistent visibility settings at the top of each board,” said a Trello spokesperson.

Missteps like these are sadly common. Another rich trove of user data, GitHub, has been used to find private passwords for years. Anecdotally, a project I was working on suffered a breach when the CTO put a Bitcoin private key into some public GitHub code. Yeah. Exactly.

So, again, keep your Trello boards private, don’t paste passwords willy-nilly, and maintain at least a basic level of operational security by not pasting passwords into any site that could make them public. It’s hard but definitely worth the effort.


