Cybersecurity enthusiast Kushagra Pathak discovered a vulnerability in the Trello web management, allowing to mine credentials from doznes of public Trello boards with simple Google queries.
Trello is the project collaboration tool for enterprise and personal use. By default, Trello boards are set to either private or team-visible only. That doesn’t stop users from manually sharing personal boards that include confidential information, which may later by indexed by search engines. The credentials include usernames, passwords, API keys and more.
User should never store credentials on public boards.
Read more about it here.