Infographic

FRIGHTENING API FAILURES The Spookiest Breaches of 202


The infographic recaps major “spooky” breaches from 2024 that centered on APIs and automation, stressing how common flaws, exposed secrets, and bot activity amplify impact. Examples include Life360 (442,519 impacted) from abuse of a login API flaw, Trello (15,000,000) via an API endpoint accessible without login, Twilio/Authy (33,000,000) where an unsecured endpoint enabled phone-number verification, and Dell (49,000,000) where data was scraped through a partner portal API accessed using a fake company. It also cites Ticketmaster (560,000,000) amid bot-farm abuse. It closes with mitigation steps: regular assessments, strong auth (MFA, OAuth2), up-to-date inventories, behavior monitoring, threat intelligence, and rate limiting.
