Broken Authentication Processes

Even if you have a strong authentication system, it can be broken by an attacker who knows how to bypass or manipulate the process. For example, an attacker could use stolen credentials from one user account to access another user’s data without authorization. This is why it’s important to keep track of all API keys and tokens used within your application so that they can be revoked quickly in the event of a breach. 

tl;dr: Keep track of all API keys and tokens for every user account on your platform. Revoke them immediately if there’s any sign of compromise
https://t.co/k7BilbbeoV