Home > Security > Security News

APIsec Exposes Customer Names and Emails Amid Security Lapse

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer
One unlocked padlock among locked padlocks

APIsec, a prominent API testing firm catering to Fortune 500 companies, recently faced scrutiny after an unsecured internal database containing sensitive customer data was exposed on the internet. 

The company has since secured the database, but the incident highlights fundamental concerns around API security and data protection.

On March 5, cybersecurity research firm UpGuard discovered an APIsec database exposed without password protection. 

List of indices in exposed database showing index names and storage size
List of indices in the exposed database showing index names and storage size | Source: UpGuard

This database, which remained publicly accessible for several days, contained records dating back to 2018, including:

Notably, the database also contained sensitive information, including AWS private keys and credentials for Slack and GitHub accounts. 

Database entry showing customer name, email, mfa configuration and other metadata
Database entry showing customer name, email, MFA configuration and other metadata | Source: UpGuard

According to APIsec, these credentials belonged to a former employee and were reportedly disabled upon their departure two years ago. However, questions remain about why such critical information was left in the database.

When initially contacted by TechCrunch, APIsec’s founder, Faizel Lakhani, downplayed the incident, claiming the exposed database contained only "test data" and not customer data and labeled it as a "human mistake." 

APIsec has since informed affected customers about the exposure but declined to confirm whether they plan to notify regulatory authorities, as required under state-level data breach notification laws. The company has not made the breach notification sent to customers publicly available.

Add a Comment
Related
Data Breach
Threat Actor Claims to Breach Endesa, Allegedly Compromising Millions of Customer Records
Oracle Cloud Data Breach Validated by Security Experts, Affecting Over 140,000 Tenants
SpyX Data Breach Exposes Nearly 2 Million Users' Information, Including Apple Customers
Ransomware Illustration
RansomHub Group Claims Breach of O'Neill Website, Stealing 25GB Trove of Legal Data 
One unlocked padlock among locked padlocks
Qilin Hacking Group Claims Responsibility for Breach at SMC Corporation's European Branch 
amazon
Cloud Providers AWS and Cloudflare Questioned About Alleged Monitoring App Data Storage
Most Popular
Donnie Yen in John Wick Chapter 4
John Wick Spinoff About Blind Assassin Caine: What we Know so far
The Summer I Turned Pretty Season 3
What you Should Know About The Summer I Turned Pretty Season 3
Apple Fined €150M Over App Tracking Transparency Framework That Affected Small Publishers
Surge in IRS Scams Targets Mobile Users During Peak Tax Season
Rick and Morty Season 8
What you Should know About Rick and Morty Season 8: First look Teaser, Release date, Sequels, & more
Ransomware
Akira Ransomware Group Claims Cyberattack on Spain’s STE Group and Exfiltrating 30GB of Data
John Wick Spinoff About Blind Assassin Caine: What we Know so far
What you Should Know About The Summer I Turned Pretty Season 3
Apple Fined €150M Over App Tracking Transparency Framework That Affected Small Publishers
Surge in IRS Scams Targets Mobile Users During Peak Tax Season
What you Should know About Rick and Morty Season 8: First look Teaser, Release date, Sequels, & more
Akira Ransomware Group Claims Cyberattack on Spain’s STE Group and Exfiltrating 30GB of Data

Most Popular
Donnie Yen in John Wick Chapter 4
John Wick Spinoff About Blind Assassin Caine: What we Know so far
The Summer I Turned Pretty Season 3
What you Should Know About The Summer I Turned Pretty Season 3
Apple Fined €150M Over App Tracking Transparency Framework That Affected Small Publishers
Surge in IRS Scams Targets Mobile Users During Peak Tax Season
Rick and Morty Season 8
What you Should know About Rick and Morty Season 8: First look Teaser, Release date, Sequels, & more
Ransomware
Akira Ransomware Group Claims Cyberattack on Spain’s STE Group and Exfiltrating 30GB of Data
John Wick Spinoff About Blind Assassin Caine: What we Know so far
What you Should Know About The Summer I Turned Pretty Season 3
Apple Fined €150M Over App Tracking Transparency Framework That Affected Small Publishers
Surge in IRS Scams Targets Mobile Users During Peak Tax Season
What you Should know About Rick and Morty Season 8: First look Teaser, Release date, Sequels, & more
Akira Ransomware Group Claims Cyberattack on Spain’s STE Group and Exfiltrating 30GB of Data

© 2025 TechNadu, a part of Leaprove Media LLP. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: