TOKYO – The personal information of many users of Trello task management software has been left visible to anyone online for extended periods of time in the service’s settings, it was reported on April 6.
Following the revelations, the Japanese government’s National Incident Preparedness and Cyber Security Strategy Center issued a warning on its official Twitter account the same day, urging users to change their settings to “private.” Meanwhile, fear of personal information leaks has flared online.
The Mainichi Shimbun confirmed on April 6 that the names, addresses and phone numbers of those who applied for clinical studies on the coronavirus vaccine, personal and business bank account PINs, and phone numbers laptop and academic backgrounds of job-seeking students could be consulted. publicly.
Trello is owned by Atlassian, an Australia-based software company, and businesses use the service for recruiting and project management, among other things. Trello launched in Japan in February 2018.
Users can choose from the options to make their information “public,” “team accessible,” and “private” in Trello’s settings. When the “public” option is chosen, personal data also appears on Google and other search engines, making it accessible to anyone with a web browser.
In comments to Mainichi Shimbun, a representative from Atlassian Japan insisted that Trello’s personal data settings were set to “private” by default. The representative added that “users most likely changed the ‘public’ option on their own,” and the company warned users of the software’s settings.
Twitter users expressed their agitation with messages such as “This is disastrous. The leak is much bigger than I imagined” and “It is torture to have your personal information revealed without you knowing it. . ”
Numerous tweets invited people to research themselves and the names of “college students who recently looked for work” online. Others, such as an article that read “I am extremely sorry for students whose information is always available,” expressed concern for students looking for work.
Other posts from accounts apparently owned by job seekers revealed intense concern, such as “I was so scared I looked up my own name” and “I’m probably safe because my name didn’t. has not appeared in research, but until then I was scared to death. ”
Some Twitter users, meanwhile, wondered “why personal information is being managed in such a place”, or suggested that Trello users themselves had changed their default settings from “private” to “public”. . The comments included: “People misuse the app” and: “The users themselves should have a high security awareness. ”
Information made available online included the filming schedules of entertainment agencies and the profiles of audition participants, as well as the names and addresses of underage girls who applied for part-time work. None of this information would have been publicly disclosed under normal circumstances.
The Cabinet Office’s National Cyber Security Strategy and Incident Preparedness Center (NISC), which has taken the matter seriously, released a statement via its official Twitter account on the afternoon of April 6, which read: “It has been confirmed that on a web service called Trello, which can be used by the general public for business management and other purposes, the lack of appropriate action results in user information are visible to external parts. In cases where users do not intend to make their information accessible, please take appropriate action, such as changing the settings to “private”.
Cabinet Secretary General Katsunobu Kato said at a press conference on April 6: “We have not been made aware of any damage to government agencies caused by the issue at this time,” and said that he intended to monitor the situation closely.
(Japanese original by Ran Kanno, Yukinao Kin, Masakazu Yui, Digital News Center and Daichi Matsuoka, Atsuko Motohashi, Business News Department)