API Breaches on the Rise, 2023 Sets Record Pace

By Greg Tavarez, TMCnet Editor  |  May 15, 2023

The world today is more interconnected, which increases the reliance on APIs, the backbone for communication and data exchange between different software applications and systems. API calls account for over 83% of internet traffic, according to Akamai. This demonstrates the critical role that APIs play in enabling seamless interactions between various services and platforms.

To illustrate the impact of APIs, let's take the example of a cloud-based food delivery app. This type of application typically involves a complex series of API calls, a.k.a. API requests. From the moment a user places an order, API calls are made to transmit the order details to the restaurant, coordinate the delivery process and handle payment processing. In total, it is not uncommon for a food delivery app transaction to require up to 25 API calls.

These API calls often involve multiple parties, including the food delivery app itself, the restaurant, payment gateways, and possibly other third-party service providers. Each party relies on APIs to securely exchange data and execute their part of the transaction.

Given the sensitive nature of the data involved, such as customer information and payment details, maintaining the security and reliability of these APIs is crucial. Any vulnerabilities or failures in the API infrastructure can have far-reaching consequences, including data breaches and disruptions in service.

Therefore, ensuring the security, robustness and reliability of APIs is a paramount concern for organizations across various industries. The proliferation of APIs is not helping, as it offers malicious actors a variety of attack vectors, according to recent research by FireTail.

In fact, over 500 million records have been exposed or are at risk from APIs, according to FireTail, and the two highest-impact vectors for API breaches are authorization, at 28% of all records breached, and authentication, at 22% of all records breached. To top it off, 2023 is on track to be a record year for API breaches, with disclosures in the first two months of the year alone having a potential impact of 49 million records.

To help organizations address these growing threats, FireTail offers a hybrid approach to API security, combining an open-source library for runtime security enforcement and a SaaS platform for real-time visibility and integration with security tools. It addresses the challenge of securing APIs exposed to the internet or protected by firewalls, WAFs, gateways or proxies.

Moreover, the company recently expanded its library to support JavaScript, Ruby and GoLang, catering to diverse API environments. FireTail also offers centralized API logging for both on-premises and cloud-based APIs. FireTail's logging capabilities provide auditability and monitoring.

“FireTail is an API security company with an application layer technology to block and track the top API attack vectors in real-time,” said Jeremy Snyder, founder and CEO of FireTail. “Our capabilities to analyze call and response data in API logs also provide much clearer breach analysis, leading to stronger preventative security and more rapid and accurate incident response.”

The report acts as a reminder that digital lives are only secure if APIs are, in turn, secure. The breaches that have happened and continue to happen paint a clear picture of a problem that needs to be addressed. And FireTail, for one, is there to help address that problem.




Edited by Alex Passett