Many things don't matter at a small scale, but they do at 15M-scale.
Trello users are about to get bombarded by phishing attempts and spam.
All of the emails present in this "leak" were taken from other dumps. That's how it's made: they took a list of known emails and tried to link them to a Trello account.[1]
> What's the endpoint?
I think https://developer.atlassian.com/cloud/trello/rest/api-group-.... The endpoint allows you to get all public info (bio and username) from a Trello account by its email.[2]
> Why did it provide personal information?
So users can invite other users to their boards via their email address.
> Why wasn't it throttled?
It should've been.
[1]: https://haveibeenpwned.com/PwnedWebsites#Trello
[2]: https://www.bleepingcomputer.com/news/security/trello-api-ab...
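The throttling point in the comment above, as an added example that is not part of the thread and not Trello's or Atlassian's code: a sliding-window limit on how many distinct email addresses one client may resolve, which leaves ordinary invite-by-email use alone and cuts off a client walking a list. The class name, client keys, budget of 5 per hour and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict

class EmailLookupThrottle:
    """Cap how many distinct e-mail addresses one client may resolve per window."""

    def __init__(self, max_distinct=5, window_s=3600):
        self.max_distinct = max_distinct  # assumed budget, tune per product
        self.window_s = window_s
        self._seen = defaultdict(dict)    # client -> {email: last lookup time}

    def allow(self, client, email, now):
        email = email.strip().lower()
        seen = self._seen[client]
        # Forget addresses whose last lookup has aged out of the window.
        for old in [e for e, t in seen.items() if now - t >= self.window_s]:
            del seen[old]
        # Re-resolving a known address is free; a new one needs spare budget.
        if email not in seen and len(seen) >= self.max_distinct:
            return False
        seen[email] = now
        return True

def replay(events, **limits):
    """Run (time, client, email) events in time order; return denials per client."""
    throttle = EmailLookupThrottle(**limits)
    denied = defaultdict(int)
    for now, client, email in sorted(events):
        if not throttle.allow(client, email, now):
            denied[client] += 1
    return dict(denied)

# Constructed sample: one client inviting a few colleagues, one client
# walking a list of 50 addresses at one lookup per second.
SAMPLE = [(i, "key-bulk", f"user{i}@example.com") for i in range(50)] + [
    (10, "key-invite", "alice@example.com"),
    (20, "key-invite", "bob@example.com"),
    (25, "key-invite", "Alice@example.com"),
    (4000, "key-invite", "carol@example.com"),
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Keying the budget on the authenticated API key or account rather than the source IP keeps it effective when requests are spread across addresses; the per-client denial counts are also a usable alerting signal.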