APIsec Secures Exposed Customer Data After Unprotected Database Found Online

 

API security firm APIsec has confirmed it secured an exposed internal database that was left accessible on the internet without a password for several days, potentially exposing sensitive customer information. The database, which was discovered by cybersecurity research firm UpGuard on March 5, reportedly contained data stretching back to 2018, including names and email addresses of users and employees from APIsec’s corporate clients. 
UpGuard said the unsecured database held detailed insights into the security posture of various APIsec customers—data the company collects while monitoring its clients’ APIs for vulnerabilities. This included sensitive information such as whether multi-factor authentication was enabled for particular accounts. 
UpGuard noted that such details could be valuable to threat actors looking for weaknesses in corporate systems.

Initially, APIsec founder Faizel Lakhani downplayed the incident, claiming the database contained only test and debugging data and insisting it was not a production system. 

However, after being presented with evidence by TechCrunch showing the inclusion of real-world customer information and API scan results, Lakhani acknowledged the severity of the issue. He confirmed the database had been exposed due to human error and said it was quickly secured once the company was notified. 
Al

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
