- Total Records15,182,077
- Unique Emails15,280,538
- Unique Email Providers1,062,650
- Unique Usernames14,882,421
- Unique First Names11,720,856
Trello Data Breach Exposes Over 15 Million Records in January 2024
In January 2024, Trello—a popular platform for project management and team collaboration—faced a data breach that affected more than 15 million users worldwide. This incident caught the attention of both cybersecurity professionals and everyday users as details emerged about how the data was obtained and subsequently put up for sale on a hacking forum. The breach stemmed from a publicly accessible resource, highlighting how seemingly routine platform settings can create significant risks when sensitive user details are involved. The compromised data included user email addresses, usernames, full names, and public profile URLs, sparking concern about exposure even though no system intrusion was reported by Trello itself.
What Happened During the Trello Breach?
The breach came to light on January 16, 2024, when information about the scraped records surfaced online. Threat actors exploited an open resource tied to Trello’s public user profiles, collecting details from accounts that were available to anyone on the internet. The fact that these details could be gathered without any unauthorized access to Trello’s core systems demonstrates just how exposures can occur, even without a platform itself being directly hacked.
Scope of the Breach
Over 15 million user records were exposed in this incident. The dataset included the following information for each affected user:
- Email addresses
- Usernames
- Full names
- Profile URLs
These elements were gathered across a broad sweep of accounts, potentially impacting a wide range of personal and business users.
How Was the Data Acquired?
Attackers leveraged the visibility of Trello’s public resources, scraping available data rather than breaching internal systems. After harvesting the information, they listed the database for sale on a popular hacking forum, making it accessible to malicious actors seeking to exploit or monetize personal details. Trello responded by clarifying that no unauthorized system access or breach of private internal data had taken place, but the exposure was nonetheless significant because the scraped information was real and affected a large user base.
Timeline of the Trello Data Breach
- Pre-January 2024: Trello’s public resource remains accessible and is gradually indexed by automated tools.
- January 16, 2024: The breach is first publicly disclosed after 15 million records are posted for sale on a hacking forum.
- Following days: The incident is widely discussed in information security circles, with concerns raised over public resource visibility and potential for phishing or targeted attacks based on the leaked details.
Frequently Asked Questions
What information was leaked in the Trello data breach?
The breach exposed email addresses, usernames, full names, and public profile URLs of over 15 million Trello users.
How many users were affected by the Trello 2024 breach?
More than 15 million user records were exposed during the January 2024 Trello data breach.
When did the Trello breach happen?
The breach was disclosed in January 2024, with reports emerging around January 16.
How did hackers get the Trello data?
The data was obtained by scraping publicly accessible profiles and resources, not by unauthorized access to Trello’s internal systems.
How can I check if I'm in the Trello breach?
You can check if your information was part of the Trello breach by utilizing the DeHashed search engine.