An application programming interface bind apps, cloud resources, app services and data together, and recently they have become a major security threat to enterprises.
Major companies that have announced data breaches and other security exposures from poor API security include Venmo, Panera Bread and most recently Google+.
In October, Google first announced a cover-up of a data-exposing bug in Google+ that exposed half a million users. This was followed by an executive decision to shut down the social network in August 2019.
However, the company made an announcement of another API bug that exposed 52.5 million users’ nonpublic data. This second announcement spurred Google to push the end-of-life date to April 2019 instead of waiting until August 2019.
Fortunately for those who have been affected by these security incidents, their data was only exposed for about six days and was only accessible by developers using the Google+ API. Regardless, companies that announce repeated security incidents tend to lose public trust as they demonstrate a failure to learn from their previous mistakes. Google is taking action by discontinuing Google+ and holding itself accountable.
Data leaks of any kind have become far too common and are usually caused by security issues, or in Google’s case, technical errors, that are easily preventable. Unauthorized exposure of any type of customer data, for any period of time, is a serious issue. To avoid falling victim to this type of breach, organizations should put in place a plan to continuously test their cybersecurity readiness including security tools, people and processes.
