Michael Pryor

May 2, 2018

When Your Employees Post Passwords Online

Storing passwords in plaintext online is never a good idea, but it’s remarkable how many companies have employees who are doing just that using online collaboration tools like Trello.com. Last week, KrebsOnSecurity notified a host of companies that employees were using Trello to share passwords for sensitive internal resources. Among those put at risk by such activity were an insurance firm, a state government agency and ride-hailing service Uber.com. By default, Trello boards for both enterprise and personal use are set to either private (requires a password to view the content) or team-visible […]
June 6, 2018

Further Down the Trello Rabbit Hole

Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support companies are publishing credentials via public Trello boards that quickly get indexed by the major search engines. By default, Trello boards for both enterprise and personal use are set to either private (requires a password to view the content) or team-visible only (approved members of the collaboration team can view). But individual […]