607
15M Trello accounts have been leaked (lemy.lol)
submitted 1 year ago* (last edited 1 year ago) by syd@lemy.lol to c/technology@lemmy.world
100 comments fedilink hide all child comments

I just got the email from haveibeenpwned. F Trello.

you are viewing a single comment's thread
view the rest of the comments
[-] CosmicTurtle@lemmy.world 31 points 1 year ago

Yes but this wasn't a data breach. This was a data stuffing incident, meaning they took someone else's data dump and tried their email and credentials here.

  • never use the same username and password in two or more places
  • always use MFA, a hard token if you can like a yubikey
[-] fine_sandy_bottom@discuss.tchncs.de 12 points 1 year ago

It's a breach.

Attackers queried email addresses and trello responded with names and user names.

[-] drmoose@lemmy.world 6 points 1 year ago

real names is definitely a breach

[-] scarilog@lemmy.world 4 points 1 year ago

Oooh that's pretty bad

[-] Paragone@lemmy.world 2 points 1 year ago

Do you own a Yubikey?

Have you ever succeeded in getting it to work with anything??

It didn't work with gmail, or any other online account I had.

An absolute waste of $$.

[-] brian@programming.dev 7 points 1 year ago

mine works for my personal google account, work one is sso and doesn't have it enabled. otherwise gh, aws, auh0 support it, I'm forgetting some others I use. beyond that you can generate 2fa codes too

[-] CosmicTurtle@lemmy.world 2 points 1 year ago

I use yubikey everywhere it's available for me. Initially, the first few websites in the early years were challenging. I think a lot of devs were still trying to figure out the workflow.

But today, it's usually as simple, or simpler, than TOTP.

So it might be worth trying again. I'd use a YubiKey 4 or higher if you can. If you have an older one, you may want to upgrade to take advantage of the newer technology like NFC and Bluetooth if you're into that.

I just wish YubiKey could store more than like 30 TOTP tokens.

[-] Subverb@lemmy.world 1 points 1 year ago

I use mine with AWS.

[-] CucumberFetish@lemm.ee 1 points 1 year ago

Sounds like a skill issue.

Have had yubikey for a few years. It was a pain to set it up initially, but it took me less than an hour if I remember correctly. Since then the only issue I have is that sometimes I accidentally bump into it and it pastes an OTK to a random place.

[-] JustUseMint@lemmy.world 1 points 1 year ago

Physical token over TOTP authenticator?

[-] brian@programming.dev 2 points 1 year ago

all the root secrets are available in plain text the generator app at some point, they have to be. moving that to a single purpose device greatly reduces the risk of vulnerabilities in your phone leading to exfiltration via internet connection

[-] Kayel@aussie.zone 2 points 1 year ago

I cannot think of a use-case outside of statecraft. Maybe companies engaged, or being engaged, in corporate espionage.

this post was submitted on 22 Jan 2024
607 points (100.0% liked)

Technology

63134 readers
3327 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world