A bug in one of Asana's new AI features made user information accessible to other users for several weeks.
The company said the issue was resolved and it was not the result of a malicious hack. Instead, it appeared to be a logic flaw in its MCP (Model Context Protocol) server that was released on May 1, according to cybersecurity firm UpGuard (via BleepingComputer).
MCP is an open-source framework that enables AI assistants to interact with sites and apps. The introduction of Asana's MCP Server enabled companies to integrate AI features like summarization and natural language search from LLMs.
The rise of generative AI tools and new standards that enable interoperability for LLMs create new privacy issues and increased cybersecurity risk. MCP servers are a shiny new target for hackers, and there's also risk of prompt injection attacks, token theft, and a general increase in data leaks since MCPs request broad permission to function smoothly, according to a blog post from cybersecurity firm Pillar.
According to UpGuard, the bug "appears to have been part of this initial release," and was discovered by Asana on June 4. But during this time, Asana users working with the MCP server have been able to access information from other accounts' "projects, teams, tasks, and other Asana objects," according to an email reportedly sent to customers impacted.
In a statement to BleepingComputer, Asana said the bug impacted around 1,000 accounts. Asana has more than 130,000 companies using its project management platform, including some big companies like Uber, Spotify, and Airbnb. (Disclosure: Mashable's editorial team also uses Asana.)
Asana took the server offline and informed customers using the MCP server on June 16 about the bug. "As soon as the vulnerability was discovered, our teams immediately took the MCP server down and resolved the issue in our code," Asana said in its statement to BleepingComputer. Meanwhile, the company sent a contact form to customers potentially impacted to compile a full report of which companies may have had their data exposed.
It's unclear yet if there was any major data breach, but Asana advised companies to review their logs for MCP access and any information generated by their AI tools and report it to Asana if they find any data that doesn't belong to their company.
UPDATE: Jun. 18, 2025, 1:50 p.m. EDT Asana confirmed in a status update that the affected server was back online as of June 17.