Email addresses of over 15 million Trello users have been leaked due to an open API endpoint that allowed any unauthenticated user to map an email address to a Trello account. The exploited functionality involved the ability to invite others to public boards. The stolen email addresses have been shared on hacking forums and are reportedly for sale online. Trello, an online project management tool owned by Atlassian, is at the center of this data breach, which was reported on July 17.