API #3: Excessive Data Exposure
Excessive data exposure occurs when an API exposes more information than necessary. Attackers can then use this extra information to perform attacks like identity theft, fraud, or blackmail. For example, if a social media site leaks users' birth dates and addresses in their profiles, attackers could use that information to steal people's identities! This vulnerability also includes leaking sensitive data like passwords or credit card numbers through other vulnerabilities (like broken user authentication).
https://t.co/PVjyBsqUVF
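
The profile case described above, as an added example that is not part of the original post: a handler that returns the whole stored record next to one that builds the response from an allowlist, plus a check that lists over-exposed fields. The record, field names, and function names are constructed for illustration.

```python
# Constructed sample record: every field the backend stores for one user.
USER_DB = {
    42: {
        "id": 42,
        "username": "alice",
        "display_name": "Alice A.",
        "birth_date": "1990-04-12",
        "address": "1 Example Street",
        "password_hash": "<constructed-placeholder-hash>",
        "card_number": "0000-0000-0000-0000",
    }
}

# Hypothetical per-audience allowlists: a field is returned only if listed.
PUBLIC_FIELDS = ("id", "username", "display_name")
OWNER_FIELDS = PUBLIC_FIELDS + ("birth_date", "address")
# Fields that must never leave the backend, whoever is asking.
NEVER_EXPOSE = frozenset({"password_hash", "card_number"})


def profile_exposed(user_id):
    """Vulnerable pattern: serialize the whole stored record and rely on
    the client to display only what it needs."""
    return dict(USER_DB[user_id])


def profile_minimal(user_id, requester_id):
    """Hardened pattern: build the response from an explicit allowlist
    chosen by who is asking, so new columns are not exposed by default."""
    record = USER_DB[user_id]
    allowed = OWNER_FIELDS if requester_id == user_id else PUBLIC_FIELDS
    return {name: record[name] for name in allowed}


def excess_fields(response, allowed):
    """Response-schema check for tests or CI: names of returned fields
    that are outside the allowlist or on the never-expose list."""
    names = set(response)
    return sorted((names - set(allowed)) | (names & NEVER_EXPOSE))


if __name__ == "__main__":
    print(excess_fields(profile_exposed(42), PUBLIC_FIELDS))
    print(excess_fields(profile_minimal(42, requester_id=7), PUBLIC_FIELDS))
```

Running excess_fields against real endpoint responses in an integration test catches a newly added column before it ships in a profile payload.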