19 lines (16 loc) · 657 Bytes

📑 Case Studies – API Penetration Testing

1. Facebook API Token Leak

Year: 2018
Impact: ~50 million accounts affected
Cause: Access token vulnerability in "View As" feature
Lesson: Proper access control + session invalidation is critical.

2. Uber API Exposure

Year: 2016
Impact: Attackers gained access to driver and rider data
Cause: Hardcoded tokens and weak authentication
Lesson: Never store secrets in client apps.

3. Parler API Misconfig

Year: 2021
Impact: 70TB of data scraped
Cause: No authentication + insecure API endpoints
Lesson: Always enforce authentication and rate limiting.