API security leaves apps vulnerable: 5 ways to plug the leaks

Many Starbucks customers got a jolt in May when cyberthieves were discovered stealing money from their credit cards and payment accounts by first tapping into their Starbucks mobile apps. The culprit was believed to be a hole in an application-programming interface (API), though perhaps not on Starbucks’ site but on another app where overused passwords were stolen and reused, according to reports.

Greeting card website Moonpig and mobile app Snapchat have suffered similar fates at the hands of API, the set of requirements that govern how one application can talk to another and what data it can access.

To read this article in full or to leave a comment, please click here