Friday, April 17, 2020

Trello Account Claimed Using Secondary E-mail

shashanktomar (via Hacker News):

My login to trello is with my personal gmail account. With the new SSO login screen, as soon as I enter my gmail address, it redirects me to my previous company sso page (which i left 5 years ago btw). The email address is clearly @gmail.com. It being claimed by an SSO without my consent is extremely scary. Now I am completely locked out of my account.

Blair at Atlassian:

Since Acme has claimed the domain that you’re using as one of your saved email credentials, and they have recently enforced SSO for all Trello users in their domain, this means your Trello account is now managed by the Trello Enterprise Acme by way of their SSO enforcement.

shashanktomar:

I created my personal account long before Trello was acquired by Atlassian. It did not have any SSO at that point and the login was with username and password. At some point, while working on a side project and to share it with a teammate, I attached a secondary email to my account and created few boards under it.

[…]

The multiple account login used to work the same way it works for github now. The boards were very clearly labeled under the email/username they were created and clearly had the ownership well defined. As soon as I left the company and my email was disabled, all the boards under that email disappeared from my account. This was expected and kept using my primary email (i always used to login with my username) and completely forgot about an attached secondary email (which anyways is now deactivated). Fast forward 5 years with tons of personal boards under this account, one morning it stopped working without any notification (yes i revised my spam to be sure about it) with all my data gone.

Comments RSS · Twitter

Leave a Comment