Trello data breach of 15M accounts; Loan Depot 16M customers – 9to5Mac

A reported Trello data breach has seen the personal details of more than 15 million users put up for sale on the dark web.

A separate Loan Depot ransomware attack resulted in more than 16 million customer accounts compromised, taking a number of the company’s web services offline …

Trello data breach

HackManac spotted the Trello user data being made available for sale.

Trello Allegedly Breached: Database of 15,115,516 User Records Up for Sale. The cybercriminal, who goes by the name ’emo,’ claims that the database includes data such as emails, usernames, full names, and other account information.

This was confirmed by Have I Been Pwned, which says that the data came from testing email addresses obtained from other hacks against the Trello service.

In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses.

Passwords are not included in the data, and Trello says there has been no unauthorized access.

You can check your own email address against this and other data breaches.

Loan Depot cyber attack

Separately, Bleeping Computer reports that more than 16 million Loan Depot customers have had their data compromised.

Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month […]

Today, after confirming that millions of people had their data stolen, the company said it would notify individuals impacted by this data breach, providing them with free credit monitoring and identity protection services […]

Given that loanDepot stores sensitive customer financial and bank account information, those affected by this breach should know they might be the target of phishing attacks and identity theft attempts.

What to do if you are affected

First, change your password to a strong, unique one.

Second, you should ensure that you never re-use passwords for more than one service; if you’ve done so, then change your passwords on all the services concerned. The built-in password manager in Safari will remember these for you, and let you automatically enter them across multiple Apple devices.

Third, be alert to phishing attacks which may use data obtained from breaches like this to appear more convincing. Just because an email or phone caller knows things about your account, don’t assume this means they are actually from the claimed company or organization. Always visit accounts from your own bookmarks, or searching for the correct web address, and always call companies back from your own contacts or web search before revealing any personal information.

Be particularly alert to anyone claiming you need to act quickly to protect your account or claim a refund: suggesting a close deadline, or applying pressure to act immediately, is a sure sign of a scam.

Photo by Matthew Guay on Unsplash

Add 9to5Mac to your Google News feed.