Home > Security > Security News

APIsec Exposes Customer Names and Emails Amid Security Lapse

Published on April 1, 2025
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer
One unlocked padlock among locked padlocks

APIsec, a prominent API testing firm catering to Fortune 500 companies, recently faced scrutiny after an unsecured internal database containing sensitive customer data was exposed on the internet. 

The company has since secured the database, but the incident highlights fundamental concerns around API security and data protection.

On March 5, cybersecurity research firm UpGuard discovered an APIsec database exposed without password protection. 

List of indices in exposed database showing index names and storage size
List of indices in the exposed database showing index names and storage size | Source: UpGuard

This database, which remained publicly accessible for several days, contained records dating back to 2018, including:

Notably, the database also contained sensitive information, including AWS private keys and credentials for Slack and GitHub accounts. 

Database entry showing customer name, email, mfa configuration and other metadata
Database entry showing customer name, email, MFA configuration and other metadata | Source: UpGuard

According to APIsec, these credentials belonged to a former employee and were reportedly disabled upon their departure two years ago. However, questions remain about why such critical information was left in the database.

When initially contacted by TechCrunch, APIsec’s founder, Faizel Lakhani, downplayed the incident, claiming the exposed database contained only "test data" and not customer data and labeled it as a "human mistake." 

APIsec has since informed affected customers about the exposure but declined to confirm whether they plan to notify regulatory authorities, as required under state-level data breach notification laws. The company has not made the breach notification sent to customers publicly available.

Add a Comment
Related
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Threat actor targeting energy and aerospace sectors
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
European Parliament Member Hannah Neumann Targeted in Iranian APT42-Linked Hacking Campaign
Google Cookie Prompts
Google Eliminates Cookie Prompts in Chrome, Enhances Incognito Mode with IP Protection
Critical Command Injection Vulnerability in Speedify VPN Could Give Full Control Over Unpatched macOS Systems
Most Popular
Wednesday Season 2
6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Threat actor targeting energy and aerospace sectors
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
Predator Badlands
Everything we know About Predator: Badlands – new Monsters & Alien Connections
Robert Irwin
All we know About Dancing With The Stars 2025 (Season 34)
6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
Everything we know About Predator: Badlands – new Monsters & Alien Connections
All we know About Dancing With The Stars 2025 (Season 34)

Most Popular
Wednesday Season 2
6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Threat actor targeting energy and aerospace sectors
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
Predator Badlands
Everything we know About Predator: Badlands – new Monsters & Alien Connections
Robert Irwin
All we know About Dancing With The Stars 2025 (Season 34)
6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
Everything we know About Predator: Badlands – new Monsters & Alien Connections
All we know About Dancing With The Stars 2025 (Season 34)

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: