Robocall Legal Advocate Leaks Customer Data

Brian Krebs reported that thousands of documents, emails, spreadsheets, images and the names tied to countless mobile phone numbers could all be viewed or downloaded without authentication from the domain theblacklist.click. The exposed directory also included all 388 Blacklist customer API keys, as well as each customer’s phone number, employer, username and password.


EXPERTS COMMENTS
Matt Keil, Director of Product Marketing, Cequence Security
August 05, 2020
This is a perfect example of how an API can be used to foster partnerships, but lacking in execution with all too common API authentication errors being made. API keys are a good start, but stronger authentication may be in order to protect the customer data. The more significant error was exposing the API keys in a publicly accessible storage mechanism. These types of errors seem to occur weekly. ....