Data breaches at major telecom operators emphasize the need for robust API security measures

Print

Email

Globally, the use of APIs has been on a constant increase as they are a great tool for businesses. However, the growth of APIs has also resulted in a significant rise of API security breaches over the last few years. Notably, unprotected APIs (application program interfaces) have emerged as the leading factor behind the disastrous data breaches that have occurred at major telecom operators around the world, in the recent past.

• In January 2023, through a financial filing with the Securities and Exchange Commission (SEC), T-Mobile revealed that a hacker gained access to sensitive information of more than 37 million customers. According to T-Mobile, the firm discovered the breach on January 5, the intruder breached the network in late November 2022.

In the SEC filing, T-Mobile also revealed that the intruders did not breach any computer system to access the sensitive information of its customers. Instead, the intruders targeted the application programming interface. According to the firm, the breached API belonged to an unknown, and therefore, unprotected shadow assets. Since 2018, this has been the eighth instance when T-Mobile, having more than 110 million customers in the United States, was hacked.

In another data breach, at a major telecom operator, the sensitive and personal information of about 9.8 million customers was exposed.

• Optus, the Australian telecom operator which reported the data breach in September 2022, also attributed the cyberattack to negligence with APIs. While the firm has termed the breach as sophisticated, the Australian Minister for Cybersecurity stated the attack a basic one.
• The cyberattack, reportedly, started when the intruder was accessing an API server that the firm left unprotected and required no authentication at all. In other words, the intruder had free access to the API.

With API services enabling much of the key functionality for modern apps and websites around the world, the use of APIs is projected to only grow significantly over the next three to four years. These data breaches affecting millions of customers, at major telecom operators, are a wake-up call for most organizations across industry verticals to take API security more seriously. In the past, firms such as LinkedIn, Venmo, and HubSpot have also suffered massive data breaches due to unsecured APIs. With these data breaches not only affecting the firm’s reputation but also costing them millions of dollars, TechInsight360 expects the investment in the API security space to grow significantly from the short to medium-term perspective.

Furthermore, as the volume of APIs used by businesses continues to grow rapidly, the number of potential vulnerabilities will also increase substantially. This will, therefore, drive the demand for API security providers in the global market from the short to medium-term perspective. Consequently, over the next three to four years, TechInsight360 also expects the number of firms offering API security services to grow multi-fold across the world, owing to the rapid surge in API attacks.