The rise of cyberattacks in Australia is becoming increasingly concerning with the rise of API (Application Programming Interface) breaches. APIs provide digital access between applications, meaning that any breach of security can have a huge impact on businesses and customers. With this in mind, the potential for API breaches to cause catastrophic damage to the Australian economy is a growing concern that needs to be addressed.
It has previously been stated that Gartner predicted that API attacks would be the most common type of cyberattack by 2022 and beyond. This is because applications are getting more APIs, and there are more cloud-based services that can be used to deploy them.
For these reasons, over the next few years, API breaches are likely to become much more common and sophisticated in Australia. This will affect the security of both businesses and their customers.
In this article, we will list known API attacks that were conducted on Australian companies throughout the months of September and October.
With more information becoming available, we will frequently update this article.
Vinomofo Data Breach
On October 10, 2022, the online wine retailer Vinomofo experienced a major data breach, affecting millions of customers. The company, which is based in Australia, reported that the breach potentially exposed user names, emails, phone numbers, addresses, and encrypted passwords.
The breach was discovered late in the evening of October 10th, and an investigation is currently underway. Vinomofo is working with the police to find out what happened.
At this time, it is unclear how the attackers were able to gain access to the company’s systems, although strong evidence suggests that it was an API attack. It is also unclear what type of financial or personal information may have been stolen from the customers.
All customer passwords have been reset, and customers have been advised to create new passwords for their accounts. Customer credit card information is also not stored on Vinomofo’s systems and therefore is not at risk. The company is taking the API breach very seriously and is doing everything it can to protect customers’ data. They said they will provide updates as more information becomes available.
Medibank Data Breach
Medibank, one of Australia’s largest health insurers, suffered a massive data breach. The breach exposed customer data, including full names, addresses, phone numbers, email addresses, dates of birth, and bank account details.
It seems like malicious actors gained access to the company’s customer data through a weak endpoint.
The company said that they had since taken measures to protect customer data, such as implementing stronger security protocols and increasing their monitoring of APIs. Additionally, the company said that it was working with the police to investigate the incident and prosecute anyone found to be responsible. Medibank customers were advised to take steps to secure their data, such as changing passwords and monitoring their credit reports.
The event shows once again how important it is to use strong security protocols and keep an eye on APIs all the time.
MyDeal Data Breach
The online retailer, MyDeal, suffered a data breach that exposed the private information of millions of customers. The breach occurred when a hacker gained access to an endpoint and stole personal data including names, addresses, payment card numbers, and email addresses.