I saw this article today on Medium:How I used a simple Google query to mine passwords from dozens of public Trello boardshttps://medium.freec...rmation-8e5ccfef2724
A few days ago on 25th April, while researching, I found that a lot of individuals and companies are putting their sensitive information on their public Trello boards. Information like unfixed bugs and security vulnerabilities, the credentials of their social media accounts, email accounts, server and admin dashboards — you name it, is available on their public Trello Boards which are being indexed by all the search engines and anyone can easily find them.
With a simple google query, you can find this same info. And this was a few days ago, and it still exists today.
inurl:https://trello.com AND intext:@gmail.com AND intext:password
in a simple google query turns up username and passwords for some company gmail accounts.
I was flabbergasted when I saw that they still exist! There were other queries in there too for all sorts of simple information- stored in publicly accessible Trello boards. The even worse thing about this, is that this article was written on May 9
We know about the stupid things that people do. Using password for their password or abcdef or 12345. But this kind of stuff... I would still think that people at tech companies would take this into account.
I guess I was wrong.