How API attacks work, and how to identify and prevent them


In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s servers, even if the users set their account profiles as private. The cause: a faulty API that permitted unauthenticated requests.

Application programming interfaces (APIs) allow for easy machine-to-machine communication. API use has seen explosive growth lately. According to Akamai, API communications now account for more than 83% of all internet traffic.

APIs are also the cause of a lot of security issues. In addition to Peloton, other companies in the news recently for API-related cybersecurity problems include Equifax, Instagram, Facebook, Amazon and PayPal.

API use and attacks growing

According to a report released in February by Salt Security, 91% of companies had API-related security problems last year. The most common were vulnerabilities, reported by 54% of respondents, followed by authentication issues at 46%, bots at 20%, and denial of service (DoS) at 19%.
