June 18, 2025

Asana MCP server data exposure incident

Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025. The bug potentially allowed users to access sensitive data belonging to other organizations using the MCP server. It was not caused by an external hack; the flaw itself inadvertently exposed users' data.

Affected Data

Potentially exposed data was limited to information accessible within the MCP user's permissions, including:

  • Task-level details
  • Project metadata
  • Team information
  • Comments and discussions
  • Uploaded files

Impact Scope

Asana estimates the incident affected approximately 1,000 customers and has contacted affected organizations.

Recommended Actions

  • Review Asana logs related to MCP access for unauthorized or cross-organization data exposure.
  • Audit AI-generated summaries or responses accessed through the MCP server.
  • Immediately remove and delete any unauthorized or unrelated organizational data accessed.
  • Limit and monitor MCP integrations and pause automatic reconnections until trust and security are verified.
  • Use the forms Asana provides to request logs and metadata for detailed investigation.
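
One way to start the log review in the first action above, as an added example (not Asana's tooling and not part of the original post): it scans exported MCP access records and flags any whose resource belongs to a different organization than the caller, plus records whose ownership cannot be established. The JSON-lines layout and the field names (`actor_org`, `resource_org`, `resource_type`, `resource_id`) are assumptions; map them to whatever the logs you receive actually contain.

```python
import json
from collections import defaultdict

# Constructed sample export. Field names are hypothetical, not Asana's schema.
SAMPLE_LOG = """\
{"ts": "2025-01-15T09:12:44Z", "actor_org": "org-A", "resource_org": "org-A", "resource_type": "task", "resource_id": "t-100"}
{"ts": "2025-01-15T09:13:02Z", "actor_org": "org-A", "resource_org": "org-B", "resource_type": "comment", "resource_id": "c-741"}
{"ts": "2025-01-15T09:13:05Z", "actor_org": "org-A", "resource_type": "file", "resource_id": "f-9"}
{"ts": "2025-01-15T09:14:10Z", "actor_org": "org-A", "resource_org": "org-B", "resource_type": "task", "resource_id": "t-555"}
not-json garbage line
"""


def audit(log_text):
    """Return records whose resource is not provably in the caller's own org."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            findings.append({"line": lineno, "reason": "unparseable"})
            continue
        actor_org, res_org = rec.get("actor_org"), rec.get("resource_org")
        if not actor_org or not res_org:
            reason = "unattributed"  # ownership unknown: needs manual review
        elif actor_org != res_org:
            reason = "cross_org"     # data from another tenant was returned
        else:
            continue
        findings.append({**rec, "line": lineno, "reason": reason})
    return findings


def summarize(findings):
    """Group cross-org hits by owning org and resource type for cleanup."""
    grouped = defaultdict(lambda: defaultdict(list))
    for f in findings:
        if f["reason"] == "cross_org":
            grouped[f["resource_org"]][f["resource_type"]].append(f["resource_id"])
    return {org: dict(types) for org, types in grouped.items()}


if __name__ == "__main__":
    hits = audit(SAMPLE_LOG)
    for h in hits:
        print(h["line"], h["reason"], h.get("resource_type"), h.get("resource_id"))
    print(summarize(hits))
```

Records marked `unattributed` or `unparseable` are kept in the findings rather than dropped, since a record that cannot be tied to a tenant cannot be ruled out as exposure.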

Preventive Measures

  • Enforce strict tenant isolation and least-privilege access controls for LLM integrations.
  • Maintain comprehensive logging of all MCP server interactions to support forensic analysis.
  • Ensure manual oversight is implemented during system reintegration and reconnection procedures after incidents.
  • Treat all internal software flaws as critical incidents due to potential data exposure risks.

Asana has pledged transparency and detailed communication, including the availability of a post-mortem report upon request. Users are advised to stay informed and adhere to recommended security practices.
