API Threat Landscape

Escape's security research team monitors API-related data breaches since 2022. Explore our database for details on API primary attack vectors, actors, tools, and techniques. Updated bi-weekly.
Header image

Your go-to database for API data breaches

Want to add a known API breach to our tracker? Reach out to our team via the dedicated form.
Submit a breach
escape api security platform logo

Download our  research report:
The API Threat Landscape

Everything you need to know about API Threat Landscape

Frequently asked questions

What is the API Threat Landscape?
The API Threat Landscape is a curated public instance of Escape Security Research’s team database, summarizing information about publicly disclosed API security data breaches. Additionally, the database lists threat actors involved in each attack, primary attack vectors, types of secret keys exposed (if any), associated CVEs and OWASP Top 10 classification.
What is considered an 'API threat'?
We define an API security threat, as any malicious activity that exposed sensitive data transmitted through an Application Programming Interface (API) to unauthorized individuals or systems. This incident occured due to vulnerabilities in the API implementation, inadequate security measures, or malicious exploitation of API endpoints, leading to unauthorized access, data theft, or unauthorized modification of sensitive information. For the moment, the breaches in the database only include incidents where the API was used as the primary attack vector. It does not include API vulnerabilities that did not lead specifically to the data breach.
What sort of incidents are included?
For the moment, the breaches in the database only include incidents where the API was used as the primary attack vector. It does not include API vulnerabilities that did not lead specifically to the data breach.

Initially, we excluded cases where security research revealed API vulnerabilities or bugs that did not lead to the exposure of sensitive data. Our aim was to focus on incidents that had a tangible impact on data security and privacy. As our research evolved, we recognized the value of including instances of security research. These cases, while not resulting in actual data breaches, provide insights into vulnerabilities and the weaknesses that could be exploited. They help us better understand the landscape of API security threats.

The MOVEit API data breach has significantly impacted over 2,620 organizations. We've decided to include organizations that were the most affected by the breach.

Looking ahead, we plan to expand our database to include more detailed security research, incidents across various industries and broader attack vectors. With this, we aim to offer a more complete and nuanced understanding of API security issues, helping organizations better protect their systems and data.
Who is the API Threat Landscape for?
We hope this platform proves useful for threat intelligence analysts or securing researchers looking into API security data breaches, incident responders investigating compromised APIs, and the API security community at large.
What is meant by "Zero-Day Vulnerabilities"?
For our purposes, we have scraped well-known journal and newspaper publications on the breach itself, and we analyzed whether the attackers knew of a flaw in the software that was unknown to the company and with no patch available to customers. These are numbers that will most likely evolve as the issues are remediated on the company side. Thus, we encourage users of this database to check back frequently if that data is used for any analysis.
How can I get in touch with you to give feedback, report mistakes, or make requests?
If you’d like to contact Escape Security Research team about this project, please fill out this form.