I just got the email from haveibeenpwned. F Trello.
It is a foot in the door but honestly there are way too many doors out there so it’s really hard to measure the real damage of this.
I worked at a pretty major employment company like 20 years ago when basically everything was legal and we didn’t need to buy dark web datasets to find real names and contacts ever - most of that data is publicly available and can be captured with simple public scrapers and email checks.
I think expectation of names and emails being private should be thrown out of the window entirely and every security system should implicitly assume these details are publicly known.
So the conditions I mentioned were directly from a series of ransomware attacks from the group BlackCat including the high profile ransomware incident targeting MGM Casinos last year. My team recently used the same premise during an incident response drill based on that event.