API testing firm APIsec exposed customer data during security lapse

API testing firm APIsec has confirmed it secured an exposed internal database containing customer data, which was connected to the internet for several days without a password. The exposed APIsec database stored records dating back to 2018, including names and email addresses of its customers’ employees and users, as well as details about the security posture of APIsec’s corporate customers. Much of the data was generated by APIsec as it monitors its customers’ APIs for security weaknesses, according to UpGuard, the security research firm that found the database. UpGuard found the leaked data on March 5 and notified APIsec the same day. APIsec secured the database soon after. APIsec, which claims to have worked with Fortune 500 companies, bills itself as a company that tests APIs for its various customers. APIs allow two things or more on the internet to communicate with each other, such as a company’s back-end systems with users accessing its app and website. Insecure APIs can be ... Read full article.