
It's 2024 and the API Breaches Keep Coming

Michael Callahan
Oct 15, 2024

APIs are built expressly to share a company's most valuable data and services, which makes them a lucrative target for attackers. We have passed the tipping point: APIs are now the primary way in. Salt Security's 2024 State of API Security Report found that the number of APIs organizations manage grew 167% over the past year, that 95% of respondents had experienced security problems in production APIs, and that 23% had suffered a breach. Yet, despite the growth in API traffic, only 7.5% of organizations have dedicated API testing and threat-modeling programs.

Here are ten API security incidents from 2024 that underscore how critical it is to secure APIs effectively:

1. Sensitive Messages Breach (January 2024): A flawed API allowed unauthorized access to 650,000 sensitive messages, some of which contained passwords, and penetration testers were able to retrieve confidential data through it. A single API defect can expose highly sensitive information.

2. Trello Breach (January 2024): An unauthenticated Trello API endpoint returned account details for any email address supplied to it, letting an attacker link private email addresses to Trello accounts at scale; data on more than 15 million users was compromised. An API that answers anyone and keys on an attacker-supplied identifier is an enumeration oracle.

3. Spoutible Data Leak (February 2024): An API in the Spoutible social platform returned far more per-user data than its clients needed, including bcrypt password hashes. Excessive data exposure in an API response is a leak even when the client never displays the extra fields.

4. GitHub Repository Secrets Spill (March 2024): Nearly 13 million API keys and other secrets were found committed to public GitHub repositories. Attackers harvest and use such credentials to gain unauthorized access, leaving the owning companies exposed.

5. PandaBuy Data Leak (April 2024): Critical vulnerabilities in PandaBuy's API led to the theft of data on 1.3 million users, underscoring the need for strong API access controls to prevent unauthorized access.


6. Dropbox Sign API Keys Breach (May 2024): An attacker compromised a back-end service account for Dropbox Sign and used it to reach the production environment, exposing customer data including API keys, OAuth tokens and multi-factor authentication (MFA) details.

7. Microsoft Graph API Abuse (May 2024): Attackers increasingly used the Microsoft Graph API as a covert command-and-control channel, hiding malware communications inside traffic to a trusted cloud service that defenders are unlikely to block.

8. Dell API Breach (May 2024): Dell disclosed a breach affecting 49 million customer order records. The attacker registered fake partner accounts on a Dell portal and used its API to enumerate service tags and scrape customer records at high volume.

9. Rabbit R1 Vulnerability (June 2024): The Rabbit R1 AI assistant shipped with API keys for third-party services hardcoded in its codebase. Anyone who extracted them could potentially read every past response the assistant had given.

10. Cox Communications API Breach (June 2024): An authorization bypass in Cox Communications' back-end APIs put millions of modems at risk; an attacker could have read and modified customer modem configurations.
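Several of the incidents above (Trello, Dell, Spoutible, PandaBuy) share one shape: an endpoint that answers any caller, keys on an attacker-supplied identifier, and returns more than the caller is entitled to, so it can be scripted into a bulk harvest. The Python below is an added illustration written for this post, not code from Salt Security or from any of the companies named; the user table, bearer tokens, endpoint shapes and the 5-requests-per-minute limit are constructed for the example. It models the vulnerable lookup beside a hardened version that authenticates the caller, returns only the caller's own record, gives the same response for "not yours" and "does not exist", and rate-limits per token.

```python
# Added example for this post: unauthenticated lookup / bulk harvest versus a
# hardened endpoint. Not Salt Security's code, and not Trello's or Dell's; the
# users, tokens and endpoint shapes below are constructed for illustration.
import hashlib
from collections import deque
from typing import Optional

# Constructed sample user table (hypothetical people and numbers).
USERS = {
    "alice@example.com": {"id": 1001, "name": "Alice", "phone": "+1-555-0100"},
    "bob@example.com": {"id": 1002, "name": "Bob", "phone": "+1-555-0101"},
}


def _token_hash(token: str) -> str:
    """Store only a hash of each bearer token, never the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed bearer tokens, mapped (by hash) to the account that owns them.
TOKENS = {
    _token_hash("tok-alice-secret"): "alice@example.com",
    _token_hash("tok-bob-secret"): "bob@example.com",
}


def lookup_vulnerable(email: str) -> Optional[dict]:
    """The Trello-style flaw: no authentication, any email returns the full
    profile, and a miss returns None. A caller can therefore both confirm
    which addresses are registered and pull the data linked to each one."""
    return USERS.get(email)


class RateLimiter:
    """Sliding-window limiter keyed per caller; `now` (seconds) is passed in
    so the behaviour is deterministic and testable."""

    def __init__(self, limit: int, window_s: float) -> None:
        self.limit = limit
        self.window = window_s
        self.hits: dict[str, deque] = {}

    def allow(self, caller: str, now: float) -> bool:
        q = self.hits.setdefault(caller, deque())
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def lookup_hardened(token: str, email: str, now: float, limiter: RateLimiter) -> dict:
    """Hardened endpoint:
    1. authentication: the bearer token must map to a known account;
    2. rate limiting per caller, so scraping is throttled even with a valid token;
    3. object-level authorization: a caller may only read their own record;
    4. one indistinguishable 404 for 'exists but not yours' and 'does not exist',
       so the endpoint cannot be used as an email-existence oracle."""
    caller = TOKENS.get(_token_hash(token))
    if caller is None:
        return {"status": 401}
    if not limiter.allow(caller, now):
        return {"status": 429}
    if email != caller or email not in USERS:
        return {"status": 404}
    return {"status": 200, "user": USERS[email]}


def harvest(candidates: list[str], token: Optional[str] = None) -> int:
    """Attacker loop: how many profiles can be pulled for a list of guessed
    addresses at one request per second. No token exercises the vulnerable
    endpoint; a token exercises the hardened one."""
    limiter = RateLimiter(limit=5, window_s=60)
    got = 0
    for i, email in enumerate(candidates):
        if token is None:
            got += lookup_vulnerable(email) is not None
        else:
            got += lookup_hardened(token, email, float(i), limiter)["status"] == 200
    return got


# Constructed guess list: two real accounts buried among made-up addresses.
CANDIDATES = (
    ["alice@example.com"]
    + [f"user{i}@example.com" for i in range(18)]
    + ["bob@example.com"]
)

if __name__ == "__main__":
    print("vulnerable endpoint harvested:", harvest(CANDIDATES))
    print("hardened endpoint harvested:  ", harvest(CANDIDATES, token="tok-alice-secret"))
```

Against the same 20 guesses the vulnerable endpoint gives up both real profiles; with a valid token the hardened endpoint gives up only the caller's own record and starts returning 429 after the fifth request in the window. The uniform 404 matters as much as the auth check: a distinct "forbidden" response would still confirm that the address exists.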
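The GitHub secrets spill, the Rabbit R1 keys and the Dropbox Sign incident all turn on credentials sitting where they should not be, and the cheapest control is a scanner that blocks the commit. The following is a minimal committed-secret scanner written as an added example for this post; it is not Salt's product and not any named company's code. It assumes two publicly documented token prefixes (AWS `AKIA` access key IDs and GitHub `ghp_` classic tokens), a generic "secret-looking variable assigned a long quoted string" rule gated on Shannon entropy, a cut-off of 3.5 bits per character chosen for this example, and a constructed sample source file with no real credentials in it.

```python
# Added example for this post: a minimal committed-secret scanner of the kind
# run in CI to catch the hardcoded keys behind the GitHub and Rabbit R1 items.
# Not Salt Security's product and not any named company's code; the sample
# source, patterns and the 3.5-bit entropy threshold are this example's own.
import math
import re
from collections import Counter

# Provider-specific token formats (both are publicly documented prefixes).
SPECIFIC_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
]

# Generic fallback: a secret-looking variable assigned a quoted string of
# 16+ characters, which is then judged by its entropy.
GENERIC_ASSIGNMENT = re.compile(
    r"""(?i)\w*(?:key|secret|token|password|passwd)\w*\s*[=:]\s*["']([^"']{16,})["']"""
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off for this example


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking keys score high,
    placeholders like 'aaaa...' score zero."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Never echo a suspected secret in full, even in a scanner report."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_source(text: str) -> list[dict]:
    """Return one finding per line: provider patterns first, then the
    entropy-gated generic rule. Findings carry only a redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SPECIFIC_PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append({"line": lineno, "kind": kind, "value": redact(m.group(0))})
                break
        else:
            m = GENERIC_ASSIGNMENT.search(line)
            if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append({"line": lineno, "kind": "generic", "value": redact(m.group(1))})
    return findings


# Constructed sample source: none of these values are real credentials
# (the AWS key is the placeholder from AWS's own documentation).
SAMPLE_SOURCE = """\
# constructed snippet for the scanner, not real code
import os
ELEVEN_KEY = "sk_9f8a7b6c5d4e3f2a1b0c9d8e7f6a5b4c"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_16C7e42F292c6912E7710c838347Ae178B4a"
DB_PASSWORD = os.environ["DB_PASSWORD"]
API_KEY = "changeme"
SESSION_TOKEN = "aaaaaaaaaaaaaaaaaaaaaaaa"
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['kind']} {f['value']}")
```

On the sample it flags lines 3, 4 and 5 and stays quiet on the environment-variable read, the short placeholder and the zero-entropy filler, which is the balance a pre-commit hook needs: provider prefixes give precision, the entropy gate catches keys without a known format, and the report redacts so the scanner's own output is not a second leak.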

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.
