TechCrunch reports that APIsec, an API security testing company, inadvertently exposed its customers' data and other sensitive information dating back to 2018 through a misconfigured internal database, which was secured immediately after UpGuard researchers identified the exposure earlier last month.
Aside from leaking the names and email addresses of its corporate clients' employees and users, the APIsec database also contained details regarding its customers' attack surfaces, which could provide insight to threat actors, according to the UpGuard report. Also discovered within the database were AWS private keys and Slack and GitHub account credentials, with APIsec confirming that the keys had belonged to a former employee. After initially downplaying the exposed information as containing only test data used by the firm for debugging, APIsec eventually re-investigated the data leak and informed affected customers. Additional details regarding the firm's plans to inform state attorneys general were not disclosed.
