A bug in one of Asana's new AI features made user information accessible to other users for several weeks.
The sam sex eroticismcompany said the issue was resolved and it was not the result of a malicious hack. Instead, it appeared to be a logic flaw in its MCP (Model Context Protocol) server that was released on May 1, according to cybersecurity firm UpGuard (via BleepingComputer).
MCP is an open-source framework that enables AI assistants to interact with sites and apps. The introduction of Asana's MCP Server enabled companies to integrate AI features like summarization and natural language search from LLMs.
The rise of generative AI tools and new standards that enable interoperability for LLMs create new privacy issues and increased cybersecurity risk. MCP servers are a shiny new target for hackers, and there's also risk of prompt injection attacks, token theft, and a general increase in data leaks since MCPs request broad permission to function smoothly, according to a blog post from cybersecurity firm Pillar.
According to UpGuard, the bug "appears to have been part of this initial release," and was discovered by Asana on June 4. But during this time, Asana users working with the MCP server have been able to access information from other accounts' "projects, teams, tasks, and other Asana objects," according to an email reportedly sent to customers impacted.
In a statement to BleepingComputer, Asana said the bug impacted around 1,000 accounts. Asana has more than 130,000 companies using its project management platform, including some big companies like Uber, Spotify, and Airbnb. (Disclosure: Mashable's editorial team also uses Asana.)
Asana took the server offline and informed customers using the MCP server on June 16 about the bug. "As soon as the vulnerability was discovered, our teams immediately took the MCP server down and resolved the issue in our code," Asana said in its statement to BleepingComputer. Meanwhile, the company sent a contact form to customers potentially impacted to compile a full report of which companies may have had their data exposed.
It's unclear yet if there was any major data breach, but Asana advised companies to review their logs for MCP access and any information generated by their AI tools and report it to Asana if they find any data that doesn't belong to their company.
UPDATE: Jun. 18, 2025, 1:50 p.m. EDT Asana confirmed in a status update that the affected server was back online as of June 17.
Topics Cybersecurity Privacy
Best Apple deal: Save $60 on the Apple Watch SE
Tobey Maguire's 'Spider
Wyatt Cenac's poignant, police
On the Shelf by Sadie Stein
Meta continues its submission to Trump with new advisor on its board
Grindr has removed its controversial ethnicity filters
How tech leaders can do more for racial justice than just tweet
Rob Brydon and Steve Coogan on The Trip
Trump's science adviser pick is actually a good scientist
How to blur people's faces in protest photos — and why you should do it
This new app is like Shazam for frogs
La Reine is Splitting for Iowa, Vive La Reine by Lorin Stein
Michael Azerrad on ‘Our Band Could Be Your Life’ by Dawn Chan
Elon Musk is 'personally' paying for some celebs' Twitter Blue ticks
Alienware M16 Gaming Laptop deal: Save $560
On the Shelf by Sadie Stein
Win Two Tickets to Arcadia by Peter Conroy
Snapchat stops promoting Trump's account in Discover
MacBook Air reviews: 4 features critics loved, 4 they didn’t
Semantic Thrills; Yes, Generalissimo? by Lorin Stein
Prepare to be entranced by these tiny cooking videosThere's evidence that Doomfist may be coming to 'Overwatch' in August17 queer artists you need to follow on Instagram right nowYour iPhone can now be a measuring tape, thanks to the magic of augmented realityiOS 11 on iPhone first look: A win for getting things doneIt was only a matter of time before 'woke' got added to the Oxford English DictionaryHow to create viral content: Try, try againThere's evidence that Doomfist may be coming to 'Overwatch' in AugustSay goodbye to finstas and hello to Instagram 'favorites'Hinge is adding video. It's time to get yourself camera ready.'Star Wars' diamond encrusted Yoda brings The Force to your walletMan hilariously rips into Starbucks over alleged milk mixup17 queer artists you need to follow on Instagram right nowTJ Miller gave a candid talk about 'Silicon Valley' exitWoman kicked out of own apartment pool for high leg, one piece swimsuitMashReads Podcast: Celebrating 20 years of 'Harry Potter'The Nokia 3310 is no match for Glastonbury festivalGuy remade the upcoming 'Star Wars' trailer using only an 1984 Apple computerNike tries out AR for limitedMark Zuckerberg is still the only one using Facebook Stories and he really likes Iowa Wordle today: Here's the answer, hints for December 6 Here are the best memes of 2019 (so far) The best alien memes for when you're trying to break into Area 51 'Quordle' today: See each 'Quordle' answer and hints for December 3 OnePlus 11 revealed in new leaked images New York City blackouts always bring the wildest photos Woody Harrelson and his deep love of tennis go viral at Wimbledon Apple's mixed reality headset has been delayed again, report says 'Quordle' today: See each 'Quordle' answer and hints for December 7 Lensa AI app: What to know about the self portrait generator Ohio lawmaker tweets absolutely gorgeous PSA about teen vaping England vs Senegal livestream: How to watch World Cup Round of 16 live Wordle today: Here's the answer, hints for December 4 Barbie's darkest secrets are revealed in this viral hashtag Prices in Apple's App Store are about to change Tesla delivers first Semi electric truck to Pepsi Mark Ruffalo's Avengers 'wrong answers only' meme is the best one yet Wordle today: Here's the answer, hints for December 5 Nothing's next smartphone might launch in the U.S. 'Lady Chatterley's Lover' review: A steamy affair that makes room to examine class
2.5918s , 8262.1640625 kb
Copyright © 2025 Powered by 【sam sex eroticism】,Unobstructed Information Network