The incident highlights a number of important lessons for organizations that are using APIs:

1. Don’t assume an API is secure just because it is only accessible internally or by authenticated users – especially if you have enabled external access via your own app, which can be used as a gateway into your systems. In many cases, apps will use APIs to retrieve information from other applications in order to display it on their screens (for example, when displaying a list of people who follow you)
https://t.co/ligygmsfWl