Another cloud security issue caused not by the cloud, but by how people use the cloud. Security firm Sophos has been taking a look at the information that people and companies store on Trello and found a cornucopia of sensitive information ranging from employee performance reviews, compensation numbers, personal ID information to passwords for systems. All of this information was stored on spaces whose owners had to choose to make them public (Trello defaults spaces to private).
To make matters even worserer, all this information is handily indexed by Google for the convenience of lookie-loos and criminals alike. Why did these folks take the extra step of making these boards public? Probably to avoid having to specify who should have access. They probably figured “what are the chances of someone coming across MY Trello board?” Well, I guess the chance was non zero. We have met the enemy and he is us.
RSS - Posts