Mashable, the day before yesterday, 00:50
Asana bug in new AI feature may have exposed data to other users for weeks

A bug in Asana's newly launched AI feature caused user data to leak, affecting around 1,000 accounts. The flaw stemmed from a logic defect in the MCP server rather than malicious hacking. The MCP server is intended to let AI assistants interact with websites and applications, introducing AI features such as summarization and natural-language search. The incident highlights the new privacy concerns and cybersecurity risks brought by generative AI tools and LLM interoperability. Asana has taken the MCP server offline and fixed the issue, while contacting affected customers, investigating potential data exposure, and advising users to review their logs.

🐞 Asana's AI feature leaked user information because of a logic flaw in its MCP server, not a malicious hacker attack. The flaw had existed since the MCP server's release on May 1 and was discovered by Asana on June 4.

🔑 The flaw allowed users of the MCP server to access projects, teams, tasks, and other Asana objects belonging to other accounts, affecting around 1,000 accounts.

💡 The MCP server is an open-source framework for letting AI assistants interact with websites and applications, introducing AI features such as summarization and natural-language search.

⚠️ The incident highlights the new privacy concerns and cybersecurity risks brought by generative AI tools and LLM interoperability; MCP servers have become a new target for hackers, with risks of prompt injection attacks, token theft, and data leaks.

✅ Asana has taken the MCP server offline and fixed the issue, contacted affected customers, is investigating potential data exposure, and advises users to review their logs and report any anomalous data.

A bug in one of Asana's new AI features made user information accessible to other users for several weeks.

The company said the issue was resolved and that it was not the result of a malicious hack. Instead, it appeared to be a logic flaw in its MCP (Model Context Protocol) server, which was released on May 1, according to cybersecurity firm UpGuard (via BleepingComputer).

MCP is an open-source framework that enables AI assistants to interact with sites and apps. The introduction of Asana's MCP Server enabled companies to integrate AI features like summarization and natural language search from LLMs.

The rise of generative AI tools and new standards that enable interoperability for LLMs create new privacy issues and increased cybersecurity risk. MCP servers are a shiny new target for hackers, and there's also risk of prompt injection attacks, token theft, and a general increase in data leaks since MCPs request broad permission to function smoothly, according to a blog post from cybersecurity firm Pillar.

According to UpGuard, the bug "appears to have been part of this initial release," and was discovered by Asana on June 4. During this time, Asana users working with the MCP server had been able to access information from other accounts' "projects, teams, tasks, and other Asana objects," according to an email reportedly sent to impacted customers.

In a statement to BleepingComputer, Asana said the bug impacted around 1,000 accounts. Asana has more than 130,000 companies using its project management platform, including some big companies like Uber, Spotify, and Airbnb.

Asana took the server offline and, on June 16, informed customers using the MCP server of the bug. "As soon as the vulnerability was discovered, our teams immediately took the MCP server down and resolved the issue in our code," Asana said in its statement to BleepingComputer. Meanwhile, it is working to bring the server back online and has sent a contact form to potentially impacted customers to compile a full report of which companies may have had their data exposed.

It is not yet clear whether there was any major data breach, but Asana advised companies to review their logs for MCP access and any information generated by their AI tools, and to report to Asana any data they find that doesn't belong to their company.
