Latest API news

200 million Twitter users' email addresses allegedly leaked online

A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak.
- Lawrence Abrams
- January 04, 2023
- 03:16 PM
- 0
Toyota, Mercedes, BMW API flaws exposed owners’ personal info

Security analysts disclosed severe API security flaws impacting numerous car makers, enabling them to access vehicle owner information, take over accounts, access internal systems, modify records, and track their position.
- Bill Toulas
- January 04, 2023
- 11:05 AM
- 0
Hacker claims to be selling Twitter data of 400 million users

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale.
- Lawrence Abrams
- December 26, 2022
- 03:44 PM
- 4
LEGO BrickLink bugs let hackers hijack accounts, breach servers

Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group's official second-hand and vintage marketplace for LEGO bricks.
- Bill Toulas
- December 15, 2022
- 08:00 AM
- 0
Amazon ECR Public Gallery flaw could have wiped or poisoned any image

A severe security flaw in the Amazon ECR (Elastic Container Registry) Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.
- Bill Toulas
- December 13, 2022
- 09:00 AM
- 0
5.4 million Twitter users' stolen data leaked online — more shared privately

Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum. Another massive, potentially more significant, data dump of millions of Twitter records has also been disclosed by a security researcher.
- Lawrence Abrams
- November 27, 2022
- 01:31 PM
- 7
Apps with over 3 million installs leak 'Admin' search API keys

Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information.
- Bill Toulas
- November 21, 2022
- 10:04 AM
- 1
Optus hacker apologizes and allegedly deletes all stolen data

The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum.
- Bill Toulas
- September 27, 2022
- 10:20 AM
- 1
Over 3,200 apps leak Twitter API keys, some allowing account hijacks

Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app.
- Bill Toulas
- August 01, 2022
- 06:33 PM
- 0
Docker servers hacked in ongoing cryptomining malware campaign

Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet.
- Bill Toulas
- April 21, 2022
- 03:54 PM
- 0
Attacks abusing programming APIs grew over 600% in 2021

Security analysts warn of a sharp rise in API attacks over the past year, with most companies still following inadequate practices to tackle the problem.
- Bill Toulas
- March 02, 2022
- 11:28 AM
- 0
DPD Group parcel tracking flaw may have exposed customer data

An unauthenticated API call vulnerability in DPD Group's package tracking system could have been exploited to access the personally identifiable details of its clients.
- Bill Toulas
- February 07, 2022
- 05:30 PM
- 0
Major Discord outage caused by API and database issues

Discord suffered what they classified as a 'massive outage' that prevented users from logging into the service or using voice chats.
- Lawrence Abrams
- January 26, 2022
- 03:27 PM
- 0
Twitter bots pose as support staff to steal your cryptocurrency

Scammers monitor every tweet containing requests for support on MetaMask, TrustWallet, and other popular crypto wallets, and respond to them with scam links in just seconds.
- Lawrence Abrams
- December 07, 2021
- 04:04 AM
- 1
Sensitive data of 400,000 German students exposed by API flaw

Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform.
- Bill Toulas
- October 28, 2021
- 03:03 AM
- 0
Mozilla blocks malicious add-ons installed by 455K Firefox users

Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates.
- Sergiu Gatlan
- October 25, 2021
- 04:08 PM
- 5
Hacker dumps private info of pro-Trump GETTR social network members

Newly launched social site GETTR suffered a data breach after a hacker claimed to use an unsecured API to scrape the private information of almost 90,000 members and then shared the data on a hacking forum.
- Lawrence Abrams
- July 06, 2021
- 02:30 PM
- 4
MountLocker ransomware uses Windows API to worm through networks

The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks.
- Lawrence Abrams
- May 19, 2021
- 03:31 AM
- 0
Typeform fixes Zendesk Sell form data hijacking vulnerability

Online survey and form creator Typeform has quietly patched a data hijacking vulnerability in its Zendesk Sell integration. If exploited, the vulnerability could let attacks redirect the form submissions containing potentially sensitive information to themselves.
- Ax Sharma
- January 11, 2021
- 10:46 AM
- 0
Online avatar service Gravatar allows mass collection of user info

A user enumeration method discovered by an Italian security researcher Carlo Di Dato demonstrates how can Gravatar data be easily scraped by web crawlers and bots.
- Ax Sharma
- October 03, 2020
- 10:50 AM
- 11