Products
▸
Almost a million Trello boards, thousands of which contain corporate data of large and small Russian companies, were publicly available.
Alexey Parfentiev, leading analyst at SearchInform: “Scammers can use data from the boards to attack company customers or hack corporate Instagram accounts - last fall there was a surge”.
For now, Trello is one of the most popular task managers in Russia - it is used both by SMB segment and by large organizations, including banks.
On Trello boards organizations used to post:
Such negligence resulted in more than 9 thousand boards featuring highly sensitive information being publicly available.
Default settings presuppose restricted access; however, for their convenience users change them to public ones. In this case, the boards start being indexed by search engines.
Open-board-problem is not a new phenomenon. Thus, in 2017, Trello boards exposed data from Rostelecom (Russia's
leading long-distance telephony provider.), Acronis (global technology company), and MTS (the largest mobile network
operator in Russia) In 2018, KrebsOnSecurity
also reported a leak from ride-hailing service Uber.
Alexey Parfentiev, leading analyst at SearchInform:
For exposing employee and customer confidential data companies may face fines under the Personal Data Protection
Act. In February 2021, the State Duma passed a bill to increase the fines for violating the law on Personal
Data.
For now, the main recommendation for Russian companies is to switch to paid online project managers or avoid posting confidential corporate information in Trello.