Another great find reported by Brian Krebs on accidental exposures. Company passwords and sensitive data are unintentionally being left open and indexable by Google through misconfigured Trello board visibility settings.
We see PII, PHI and other sensitive data exposed every day from platforms, servers and devices left open and unsecured. This problem doesn't seem to be going away.
Storing passwords in plaintext online is never a good idea, but it’s remarkable how many companies have employees who are doing just that using online collaboration tools like Trello.com. Last week, KrebsOnSecurity notified a host of companies that employees were using Trello to share passwords for sensitive internal resources. Among those put at risk by such activity were an insurance firm, a state government agency and ride-hailing service Uber.
By default, Trello boards for both enterprise and personal use are set to either private or team-visible only. But that doesn’t stop individual Trello users from manually sharing personal boards that include proprietary employer data, information that may be indexed by search engines and available to anyone with a Web browser.