
Security Breaches Can Be Avoided with an API Security Strategy

Blog: The Tibco Blog

Recently, The Guardian reported that about 50,000 Australian university students who were using the events app Get were affected by a massive data breach. Personal details of university students involved in clubs and societies around Australia were exposed online.

The Get app was built for university societies and clubs to facilitate payments for events and merchandise. It operates in four countries with 159,000 active users, and 453 clubs using it. And this isn’t the first time the company has had a breach of this kind.

This first came to light when a user on Reddit looked up their own club on the app and consequently got access to other users’ data, including name, email, date of birth, Facebook ID, and phone numbers — all through the company’s search function API. The user stated that they could send requests for data without legitimate access, meaning anyone could request access to the information. In response to the news of the breach, Get posted on its website that it had made a change to prevent that from happening and begun telling organizations about the breach. 

With so many APIs, your attack surface might be increasing

This real-life scenario is just one example of an organization without a proper API security system in place to protect the data of its consumers. Like Get, your business is likely taking advantage of APIs to streamline partnerships and growth. But a growing number of APIs also means a growing number of security vulnerabilities, and your attack surface is potentially increasing. Security threats are rapidly changing, as are the rules and regulations for maintaining your API security. With the emergence of mobile, voice, and applications at the edge, developers need to reconsider the API security landscape. As a digital business, your API security needs to accommodate a variety of application types, allowing access to all authorized users while keeping unrecognized users blocked.

A lack of API security can lead to costly breaches and disruptions that negatively impact your reputation and bottom line. In the case of Get, this is the company’s second security breach, with the first causing the company to do a major rebrand. Not only is it a costly undertaking, but it is also very disruptive for the app’s users.

How you can stay on top of your API security

To protect your organization, you need to extend security practices to cover attacks specific to APIs, using controls such as API gateways and API authentication. To defend against these threats, you need to implement an API security strategy with standards-based access control, deep visibility into API traffic, and threat detection.

Read this whitepaper to hear from API security experts who outline how the API landscape reached its current state, where things are going, how things will continue to shift and evolve for your digital business, and how you can stay on top of your API security.

To learn more about how you can implement a complete API security solution for designing, developing, and securing your organization’s APIs across on-premises, private or public clouds, and hybrid IT environments, read this solution brief.
