Beer going flat? BrewDog in data security issues

APIs will be the most frequent attack vector by 2022. How secure is your business?

Lagers can be pale, amber, or dark. Image by Wolfgang Sauber. (CC BY-SA 3.0)

BrewDog has suffered from an API security flaw. The vulnerability in the company’s mobile app was discovered by security consultancy Pen Test Partners. The analysts found details belonging to the alcoholic drinks company’s customers and its so-called “Equity for Punks” shareholders were accessible for a period of over 18 months.

The impacted data included names, dates of birth, email addresses, gender, delivery addresses, phone numbers, shareholder numbers, bar discount details and IDs, referrals made and beer buying history.

Security expert Nathanael Coffing, CSO and Cofounder of Cloudentity, tells Digital Journal that such flaws represent a worrying turn of events within the business community.

Coffing begins by setting the scene of this latest cybersecurity incident: “The lack of properly configured identity and authorization on BrewDog’s application programming interface (API) ultimately left the personally identifiable information (PII) of 200,000 shareholders publicly exposed online for anyone to access.”

This could mean trouble brewing, depending upon what happens with the data. Coffing warns: “If this sensitive data falls in the wrong hands, victims could be at risk of identity theft, fraud or highly targeted phishing schemes.”

In terms of the pertinent lessons for business, Coffing finds: “There’s a significant amount of risk associated with APIs due to the massive amounts of data they collect and exchange with other machines on a daily basis, and companies often struggle to keep them secure.”

The longer-term trends do not bode well either, Coffing finds: “As Gartner forecasts that APIs will be the most frequent attack vector by 2022.” As a result, application leaders must independently design and execute an effective API security strategy to protect their APIs.

Therefore, the security expert recommends: “Organizations must ensure all their APIs are securely operated within automated identity, authorization, consent and governance guardrails.”

There are other measures as well: “Additionally, equipping APIs with context-based, granular authorization and following a Zero Trust API authorization approach is critical to prevent data leakage and breaches.”

Based on this, Coffing is confident some of the security risks can be eliminated: “With these necessary security guardrails and consent controls, organizations can confidently deliver applications and services while maintaining data security.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
