A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January.