Skip to main content

U.N. security blunder left secret Trello boards, Google Docs exposed

Image used with permission by copyright holder

Secretive documents related to the United Nations were left vulnerable to unauthorized access by anyone who stumbled upon the right link, after Trello, Jira, and Google Docs accounts were left improperly configured by staffers. The security gaffe left passwords, organizational documents, and security plans belonging to governments of the United Kingdom and Canada open to the web.

Maybe they should have read our guide on how to use Google Docs.

Recommended Videos

Although each of the unsecured documents did require a unique URL in order to be accessed, that proved far from an effective protective measure when security researcher Kushagra Pathank discovered links to a U.N.-controlled Trello organizational board. In that tool’s ‘card’ system, he went on to find other links to other documents that lead to Google documents and U.N. pages on Jira, an issue-tracking service. These in turn had more links, all of which contained sensitive information. In total, Pathank discovered some 50 boards and documents that he was able to access because of the lack of security options implemented during their setup.

Please enable Javascript to view this content

Some of the information he was eventually able to glean from these documents included access to a remote U.N. FTP server, credentials to log in to a Google and Vimeo account associated with the U.N.’s language and learning program, remote access information for certain U.N.-linked meetings, and detailed information about the U.N. website and its development.

Pathak contacted the U.N. in late August to inform it of the issue. Although, as The Intercept highlights, the organization’s technical department ran into some problems replicating the issue, much of the sensitive content has now been taken down or protected behind security credentials. In a statement to The Intercept, a U.N. spokesperson said that all relevant staff had been warned about trusting third-party tools and services with sensitive information and that they should make necessary precautions to protect such data in the future.

Despite rhetoric to the contrary, Pathak believes that much of these latest security concerns arose simply because leaving boards unsecured is easier than securing them. By not adding users to boards and locking them to authorized accounts only, U.N. staffers were able to share URLs in order to give others access. “Adding people to the board seems to be a huge task for these people, but in fact it is really easy,” Pathak said in a statement.

Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
How to use Google Docs

Google Docs is a cloud-based Google product with all the features you need to create, edit, and share documents. Google offers a suite of apps designed for users who work online. Integration with Google Drive’s cloud storage capabilities allows you to access and work on your documents from anywhere.

Switching to Google Docs can be a daunting task since there are a lot of new features to discover, and the document editing interface might look unfamiliar.

Read more
Bid farewell to this small but helpful Windows 11 feature
The Surface Pro 11 on a white table in front of a window.

As Microsoft mentions in a December 12 blog post, Windows 11 users will soon no longer receive future updates for the suggested actions menu. The helpful feature would offer you related actions when you copy items like dates or phone numbers with actions to create an event or make a call.

Microsoft first introduced the feature in a Windows 11 2022 update. It made the suggested actions menu appear and gave contextual information based on the copied data. Microsoft describes the feature as follows: "Suggested actions that appear when you copy a phone number or future date in Windows 11 are deprecated and will be removed in a future Windows 11 update."

Read more
AMD’s next-gen gaming laptop chips may have just leaked
AMD's CEO delivering the Computex 2024 presentation.

AMD is readying its Strix Point Halo and Krackan Point APUs, with a potential launch in January at CES 2025. Ahead of launch, details about an Acer Swift Go 16 laptop with an upcoming AMD laptop chip have been spotted on Geekbench.

According to the leaked listing, the laptop is powered by a Krackan Point engineering sample with an OPN Code of "100-000000713-40_Y," which is most likely the Ryzen AI 7 350. It features eight cores, divided into two clusters of four cores each, utilizing Zen 5 and Zen 5c architectures. It has a base frequency of 2GHz, which can reach a maximum boost clock of 5.05GHz, along with 16MB of L3 cache and 8MB of L2 cache.

Read more