I just got the email from haveibeenpwned. F Trello.
Obligatory: companies should face harsh penalties for this stuff.
Yes, but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.
- never use the same username and password in two or more places
- always use MFA, a hard token if you can, like a YubiKey
Do you own a YubiKey?
Have you ever succeeded in getting it to work with anything??
It didn’t work with Gmail, or any other online account I had.
An absolute waste of $$.
Setting up: https://www.yubico.com/setup/yubikey-5-series/
Supported services: https://www.yubico.com/works-with-yubikey/catalog/
Google Accounts (for your Gmail): https://www.yubico.com/works-with-yubikey/catalog/google-accounts/
They do, in the EU. If you fuck up your customer’s data, you’ll face fines consisting of hefty percentages of your yearly revenue!
https://www.enforcementtracker.com/
Yep, hefty. Top 5: 1.2B Meta, 746M Amazon, 405M Meta, 390M Meta, 345M TikTok (all in €).
That’s not what it means to breach an account…
How about “leaked”? I chose “breached” because the title of the mail was “You’re one of 15,111,945 people pwned in the Trello data breach”