APIsec, a company specializing in API security testing, exposed sensitive customer data through an unprotected internet-connected database. Upon discovery by UpGuard, it was found that the database contained names, email addresses, and details pertaining to the API security of its clients, including the status of 2FA activation. Initially downplayed by APIsec as 'test data', evidence confirmed real-world customer information was included. The company later notified affected parties although the extent of the breach was not disclosed.
TPRM report: https://scoringcyber.rankiteo.com/company/apisec
"id": "api1011040125",
"linkid": "apisec",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'API Security Testing',
'name': 'APIsec',
'type': 'Company'}],
'attack_vector': 'Unprotected Database',
'data_breach': {'personally_identifiable_information': ['Names',
'Email addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Email addresses',
'API security details',
'2FA activation status']},
'description': 'APIsec, a company specializing in API security testing, '
'exposed sensitive customer data through an unprotected '
'internet-connected database. Upon discovery by UpGuard, it '
'was found that the database contained names, email addresses, '
'and details pertaining to the API security of its clients, '
'including the status of 2FA activation. Initially downplayed '
"by APIsec as 'test data', evidence confirmed real-world "
'customer information was included. The company later notified '
'affected parties although the extent of the breach was not '
'disclosed.',
'impact': {'data_compromised': ['Names',
'Email addresses',
'API security details',
'2FA activation status']},
'response': {'communication_strategy': 'Notified affected parties'},
'title': 'APIsec Data Exposure Incident',
'type': 'Data Exposure',
'vulnerability_exploited': 'Unsecured Internet-Connected Database'}