Trello

As I follow the security news as closely as possible, I stumbled over a published bug.
Many Trello boards within companies are used to share sensitive data, including passwords, and are publicly searchable.

Source: https://medium.freecodecamp.org/discovering-the-hidden-mine-of-credentials-and-sensitive-information-8e5ccfef2724

I tried some simple queries and was amazed how easily I could find sensitive information.

The most noticeable find was a valid login for AliExpress. I did not order anything or mess with the account by any means and logged out immediately.
I also found a Vimeo Channel where I left a message that the password is compromised.

This query produced particularly interesting results.

inurl:https://trello.com AND intext:login AND intext:password

This is not a real hack, since this is just too stupid.
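
A defender's counterpart to the query above, as an added example that is not part of the original post: a check an organization can run over JSON exports of its own boards to find public boards whose cards contain both query terms. The field names (`prefs.permissionLevel`, `cards[].name`, `desc`, `shortUrl`, `closed`) are assumed to match Trello's board export format, and the sample board is constructed.

```python
import json
import re

# Terms taken from the search query on this page; extend for your own audit.
TERMS = ("login", "password")

# Constructed sample in the shape of a Trello board JSON export (assumed fields).
SAMPLE_EXPORT = json.dumps({
    "name": "Team onboarding",
    "prefs": {"permissionLevel": "public"},
    "cards": [
        {"name": "Shop account", "desc": "Login: ops@example.test\nPassword: <redacted>",
         "shortUrl": "https://trello.com/c/EXAMPLE1", "closed": False},
        {"name": "Reset password flow", "desc": "UX review notes",
         "shortUrl": "https://trello.com/c/EXAMPLE2", "closed": False},
        {"name": "Old VPN login", "desc": "login + password in attachment",
         "shortUrl": "https://trello.com/c/EXAMPLE3", "closed": True},
    ],
})


def audit_board(export_text):
    """Return the board's visibility and the cards that match every term."""
    board = json.loads(export_text)
    visibility = board.get("prefs", {}).get("permissionLevel", "unknown")
    findings = []
    for card in board.get("cards", []):
        text = f"{card.get('name', '')}\n{card.get('desc', '')}".lower()
        # Same logic as the query: every term must appear (AND, not OR).
        if all(re.search(rf"\b{re.escape(t)}\b", text) for t in TERMS):
            findings.append({
                "card": card.get("name", ""),
                "url": card.get("shortUrl", ""),
                # Archived cards are reported too, marked so the owner can decide.
                "archived": bool(card.get("closed")),
            })
    return {
        "board": board.get("name", ""),
        "visibility": visibility,
        # Public boards are the ones a search engine can index.
        "exposed": visibility == "public" and bool(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    print(json.dumps(audit_board(SAMPLE_EXPORT), indent=2))
```

Boards reported as exposed should be switched to a non-public visibility and any credentials found on them rotated, since they may already have been indexed.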
