APIsec, an API testing firm, confirmed the exposure of an internal customer database that was accessible online without a password for several days. The database contained sensitive information, including names, email addresses, and security posture details of its customers, dated back to 2018. Security research firm UpGuard discovered and reported the leak to APIsec, which quickly secured the database. Despite the potential risks, APIsec's founder stated that the data held was merely 'test data' created for debugging purposes and that the incident arose from a 'human mistake.'
It’s concerning that an internal database holding customer data was exposed for days on the internet without password protection, highlighting significant security oversights.
Lakhani acknowledged the exposure was due to a 'human mistake,' asserting the database contained only 'test data' and assuring customers of no actual data breach.
Collection
[
|
...
]