The incident highlights a number of important lessons for organizations that are using APIs:
1. Don't assume an API is secure just because it is only accessible internally or by authenticated users, especially if you have enabled external access via your own app, which can be used as a gateway into your systems. In many cases, apps will use APIs to retrieve information from other applications in order to display it on their screens (for example, when displaying a list of people who follow you).
https://t.co/ligygmsfWl