APIsec Exposes Customer Data in Security Lapse: A Wake-Up Call for API Security
Lloyd
APIsec Exposes Customer Data in Security Lapse: A Wake-Up Call for API Security
In a disturbing security lapse, API testing firm APIsec has exposed sensitive customer data due to a database left open to the internet without a password for several days. The database, which contains records dating back to 2018, was made publicly accessible before being secured after the discovery. This incident highlights the growing risks associated with unsecured APIs and the critical importance of stringent cybersecurity measures for companies working with sensitive data. Image:Google The Security Incident: Exposed Data On March 5, 2025, cybersecurity firm UpGuard discovered the exposed APIsec database, which contained personal details of employees and users from APIsec's clients. This includes names, email addresses, and data on the security posture of corporate clients, including whether multi-factor authentication (MFA) was enabled. APIsec’s role is to monitor and test the APIs of its clients for vulnerabilities, which makes the leak particularly concerning as it reveals att…