Robocall Legal Advocate Leaks Customer Data

By   ISBuzz Team
Writer , Information Security Buzz | Aug 05, 2020 11:57 am PST

Brian Krebs reported that thousands of documents, emails, spreadsheets, images and the names tied to countless mobile phone numbers all could be viewed or downloaded without authentication from the domain  The directory also included all 388 Blacklist customer API keys, as well as each customer’s phone number, employer, username and password.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Matt Keil
Matt Keil , Director of Product Marketing
August 5, 2020 7:59 pm

This is a perfect example of how an API can be used to foster partnerships, but lacking in execution with all too common API authentication errors being made. API keys are a good start, but stronger authentication may be in order to protect the customer data. The more significant error was exposing the API keys in a publicly accessible storage mechanism. These types of errors seem to occur weekly. Do the developers really understand the ramifications of public-facing APIs and data? It\’s exposed to everyone. It\’s a simple question, but what else can explain the repetitive nature of these basic errors?

Last edited 3 years ago by Matt Keil

Recent Posts

Would love your thoughts, please comment.x