- Researchers found an unprotected database containing confidential customer data
- It belongs to APIsec, a company specializing in API security testing
- Affected customers were reportedly notified
APIsec, a company specializing in proactive, automated and continuous API security testing, may have inadvertently leaked its customers' confidential data online, experts said.
The discovery was first made by cybersecurity researchers at UpGuard and later confirmed by the company itself.
The data was stored in an internet-connected database that was not password-protected, and it apparently stayed that way for “several” days before being locked down as soon as UpGuard notified APIsec.
Notifying affected customers
Since the company monitors its customers' APIs for security weaknesses, most of the data was generated by its own products.
Some of the data dated back to 2018 and included the names of customers' employees and users, email addresses, as well as information on API security posture. Since this data included things such as whether or not 2FA was enabled, it is the type of information that can be quite useful to a threat actor.
According to reports, APIsec first tried to downplay the incident, saying that the database contained “test data”, that it was not the company’s production database, and that it did not contain customer data, but it later changed its position when information emerged that suggested otherwise.
Apparently, UpGuard found evidence that the database also contained real-world corporate customer data, including names and email addresses, and scan results.
When TechCrunch shared the information with APIsec, the company later said it had notified customers whose personal information was found in the data. However, it would not say how many people were affected, nor would it share a copy of the breach notification letter.
Unprotected databases remain one of the key causes of confidential data leaks. Many organizations use the cloud to host information about their employees, customers or clients, forgetting that cloud hosting operates under a shared responsibility model.