APIsec Exposes Customer Names and Emails Amid Security Lapse

Written by: Lore Apostol, Cybersecurity & Streaming Writer

APIsec, a prominent API testing firm catering to Fortune 500 companies, recently faced scrutiny after an unsecured internal database containing sensitive customer data was exposed on the internet. 

The company has since secured the database, but the incident highlights fundamental concerns around API security and data protection.

On March 5, cybersecurity research firm UpGuard discovered an APIsec database exposed without password protection. 

List of indices in the exposed database showing index names and storage size | Source: UpGuard

This database, which remained publicly accessible for several days, contained records dating back to 2018, including:

Notably, the database also contained sensitive information, including AWS private keys and credentials for Slack and GitHub accounts. 

Database entry showing customer name, email, MFA configuration and other metadata | Source: UpGuard

According to APIsec, these credentials belonged to a former employee and were reportedly disabled upon their departure two years ago. However, questions remain about why such critical information was left in the database.

When initially contacted by TechCrunch, APIsec’s founder, Faizel Lakhani, downplayed the incident, claiming the exposed database contained only "test data," not customer data, and labeling it a "human mistake."

APIsec has since informed affected customers about the exposure but declined to confirm whether it plans to notify regulatory authorities, as required under state-level data breach notification laws. The company has not made the breach notification sent to customers publicly available.

