Trello, a hacker's paradise

At least some of you might think that it's pretty hard to gather valid credentials from users, or that you have to phish or steal them in some way. But it's much easier…

Sure, you can google for “password” or use dorks that search for password-like results. But it's even easier!

Trello, a project management tool used by millions of users, is publicly sharing all those interesting details with the world. All because users are stupid! You can find anything there: login details, cc numbers, AWS keys, DB passwords and much more.

Of course Trello is aware of the problem, but they're not getting rid of it. They said they're working on it and taking steps to make those boards private, but as always, admins need to protect their users the way cars have to protect their passengers…

Some examples:

site:trello.com gmail password 
site:trello.com gmail wachtwoord 
site:trello.com amex exp 
site:trello.com aws key 
site:trello.com private key 
site:trello.com db password
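
The same categories can be checked from the owner's side before a search engine ever sees them. The following is an added example, not part of the original post: it audits a board's JSON export for public visibility and for card text that looks like a password, an AWS access key ID, a private key or a card number. It assumes the export carries `prefs.permissionLevel`, `cards[].name` and `cards[].desc`; the sample board and every value in it are constructed.

```python
import json
import re

# Constructed sample shaped like a Trello board JSON export (assumed fields:
# prefs.permissionLevel, cards[].name, cards[].desc). Every value is fake.
SAMPLE_EXPORT = json.dumps({
    "name": "Ops onboarding",
    "prefs": {"permissionLevel": "public"},
    "cards": [
        {"name": "Mail account", "desc": "gmail password: Summer2019!"},
        {"name": "Deploy", "desc": "aws key AKIAABCDEFGHIJKLMNOP"},
        {"name": "Billing", "desc": "amex 378282246310005 exp 04/27"},
        {"name": "Retro notes", "desc": "Ship the login page redesign."},
    ],
})

# One pattern per category of secret the post lists.
PATTERNS = {
    "password": re.compile(r"(?i)\b(pass(word)?|pwd|wachtwoord)\b\s*[:=]\s*\S+"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to drop digit runs that cannot be card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_board(export_json: str) -> dict:
    """Return whether the board is public plus (card name, category) hits."""
    board = json.loads(export_json)
    findings = []
    for card in board.get("cards", []):
        name, desc = card.get("name", ""), card.get("desc", "")
        text = f"{name}\n{desc}"
        for label, rx in PATTERNS.items():
            if rx.search(text):
                findings.append((name, label))
        if any(luhn_ok(m.group()) for m in CARD_CANDIDATE.finditer(text)):
            findings.append((name, "card_number"))
    visibility = board.get("prefs", {}).get("permissionLevel", "unknown")
    return {"public": visibility == "public", "findings": findings}
```

A board that comes back with `public` true and any findings should be made private first, and the exposed credentials rotated afterwards, since they may already have been indexed.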