A bug in one of Asana's new AI features made user information accessible to other users for several weeks.
The Watch Doom Fighter (2000) full Italian moviecompany said the issue was resolved and it was not the result of a malicious hack. Instead, it appeared to be a logic flaw in its MCP (Model Context Protocol) server that was released on May 1, according to cybersecurity firm UpGuard (via BleepingComputer).
MCP is an open-source framework that enables AI assistants to interact with sites and apps. The introduction of Asana's MCP Server enabled companies to integrate AI features like summarization and natural language search from LLMs.
The rise of generative AI tools and new standards that enable interoperability for LLMs create new privacy issues and increased cybersecurity risk. MCP servers are a shiny new target for hackers, and there's also risk of prompt injection attacks, token theft, and a general increase in data leaks since MCPs request broad permission to function smoothly, according to a blog post from cybersecurity firm Pillar.
According to UpGuard, the bug "appears to have been part of this initial release," and was discovered by Asana on June 4. But during this time, Asana users working with the MCP server have been able to access information from other accounts' "projects, teams, tasks, and other Asana objects," according to an email reportedly sent to customers impacted.
In a statement to BleepingComputer, Asana said the bug impacted around 1,000 accounts. Asana has more than 130,000 companies using its project management platform, including some big companies like Uber, Spotify, and Airbnb. (Disclosure: Mashable's editorial team also uses Asana.)
Asana took the server offline and informed customers using the MCP server on June 16 about the bug. "As soon as the vulnerability was discovered, our teams immediately took the MCP server down and resolved the issue in our code," Asana said in its statement to BleepingComputer. Meanwhile, the company sent a contact form to customers potentially impacted to compile a full report of which companies may have had their data exposed.
It's unclear yet if there was any major data breach, but Asana advised companies to review their logs for MCP access and any information generated by their AI tools and report it to Asana if they find any data that doesn't belong to their company.
UPDATE: Jun. 18, 2025, 1:50 p.m. EDT Asana confirmed in a status update that the affected server was back online as of June 17.
Topics Cybersecurity Privacy
No Time for a Negative Peace
Redmi launches Harry Potter Edition of new Turbo 3 smartphone · TechNode
Chinese GenAI venture raises $14 million, claims itself akin to Sora · TechNode
Domestic trips recorded during China’s Qingming festival up over 10% from 2019 level · TechNode
NYT Connections hints and answers for May 10: Tips to solve 'Connections' #699.
China’s EHang partners with automaker GAC to develop flying cars · TechNode
Excited customers flock to stores for Xiaomi’s first EV: report · TechNode
Bilibili expects to achieve operating profit in Q3 as more creators engage in live
10 Tech Predictions for 2017
Alibaba Cloud cuts prices for international customers as AI demands rise · TechNode
Whale Vomit Episode 5: Startup Monarchy
VW Tiguan to use drone maker DJI’s ADAS technology for urban driving · TechNode
Alibaba to test rocket package delivery service with China’s startup Space Epoch · TechNode
Honda launches China
The Mismeasure of Media
Ele.me outlines business plan for the next three years amid leadership reshuffle · TechNode
Li Auto scales back EV ambitions with “more validation work”: CEO · TechNode
China authority sets a new industry standard for cross
Waitin’ on the Student Debt Jubilee
China’s anti
Here’s Some Timeless Wisdom About CheetahsTruly Trending: An Interview about IntensifiersDeath and All Her FriendsNYT's The Mini crossword answers for October 22A Rediscovered Book Mocks Bickering British Colonists'Quordle' today: See each 'Quordle' answer and hints for September 4Wordle today: The answer and hints for October 23The Film “Happy Hour” is Five Hours—And Worth ItA Rediscovered Book Mocks Bickering British ColonistsBumble warns about 'polterOuija Board as Literary BiographyT. S. Eliot's 'Four Quartets' as Cage Match'Quordle' today: See each 'Quordle' answer and hints for August 29'Quordle' today: See each 'Quordle' answer and hints for October 22, 2023T. S. Eliot's 'Four Quartets' as Cage Match'Don't Worry Darling' drama is taking over the internetA Rediscovered Book Mocks Bickering British ColonistsThomas Mann’s Los Angeles Home Is in JeopardyHow a Book About Chinatown Made Me Remember My First New York Date#ReadEverywhere: The Cats Edition Fortress of Solitude: The Musical, and Other News Toyota making EV that can replicate gear shifting Maisie Williams asks about Bitcoin. Memefest ensues, and Elon Musk joins the party. How to eat pussy, according to sex experts Second Chances by Tupelo Hassman Twitter pranksters flood pro The Fun Part by Sadie Stein Bookish Cakes, and Other News by Sadie Stein Anaïs Nin on Heroes by Sadie Stein Dating the Iliad, and Other News by Sadie Stein Emergent by Jill Talbot Obama surprises YouTube music twins as they listen to his new playlist The Art of Losing by David McConnell TikTok's first user to hit 100 million followers is Charli D'Amelio Reddit suffers partial outage amid blackout protests PlayStation takes over London's Underground signs with iconic shapes B is for Bookseller by Sadie Stein America in Love, and Other News by Sadie Stein See a Paris Review Interview: Live! by Sadie Stein Reading Rooms of Your Dreams, and Other News by Sadie Stein
2.0588s , 10111.7890625 kb
Copyright © 2025 Powered by 【Watch Doom Fighter (2000) full Italian movie】,Warmth Information Network