UK government

The governments of the United Kingdom was exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system by misconfiguring pages on Trello, a project management website.

The U.K. government also exposed a small quantity of code for running a government website, as well as a limited number of emails.

25 public Trello boards belonging to different U.K. government departments.

These included login credentials to a U.K. government account on a domain registrar, emails that had been pasted onto the boards, a link to a snippet of backend code of a government site, and information on bugs, albeit not bugs disclosing security issues.

It also included boards with conference call details and access codes, login information for a server administration tool known as CPanel.

U.K.’s Government Digital Service guidance states that no personal or sensitive data should be published on Trello.

The service also has an Information Assurance Team to guide staff on the appropriate use of online tools.

Source: https://theintercept.com/2018/08/16/trello-board-uk-canada/

"id": "UKG12181122",
"linkid": "uk-government",
"type": "Data Leak",
"date": "08/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"