Beer going flat? BrewDog in data security issues

APIs will be the most frequent attack vector by 2022. How secure is your business?

Lagers can be pale, amber, or dark. Image by Wolfgang Sauber. (CC BY-SA 3.0)
BrewDog has suffered from an API security flaw. The vulnerability in the company’s mobile app was discovered by security consultancy Pen Test Partners. The analysts found details belonging to the alcoholic drinks company’s customers and its so-called “Equity for Punks” shareholders were accessible for a period of over 18 months.

The impacted data included names, dates of birth, email addresses, gender, delivery addresses, phone numbers, shareholder numbers, bar discount details and IDs, referrals made and beer buying history.

Security expert Nathanael Coffing, CSO and Cofounder of Cloudentity, tells Digital Journal that such flaws represent a worrying turn of events within the business community.

Coffing begins by setting the scene of this latest cybersecurity incident: “The lack of properly configured identity and authorization on BrewDog’s application programming interface (API) ultimately left the personally identifiable information (PII) of 200,000 shareholders publicly exposed online for anyone to access.”

This could mean trouble brewing, depending upon what happens with the data. Coffing warns: “If this sensitive data falls in the wrong hands, victims could be at risk of identity theft, fraud or highly targeted phishing schemes.”

In terms of the pertinent lessons for business, Coffing finds: “There’s a significant amount of risk associated with APIs due to the massive amounts of data they collect and exchange with other machines on a daily basis, and companies often struggle to keep them secure.”

The longer-term trends do not bode well either, Coffing finds: “As Gartner forecasts that APIs will be the most frequent attack vector by 2022.” As a result, application leaders must independently design and execute an effective API security strategy to protect their APIs.

Therefore, the security expert recommends: “Organizations must ensure all their APIs are securely operated within automated identity, authorization, consent and governance guardrails.”

There are other measures as well: “Additionally, equipping APIs with context-based, granular authorization and following a Zero Trust API authorization approach is critical to prevent data leakage and breaches.”

Based on this, Coffing is confident some of the security risks can be eliminated: “With these necessary security guardrails and consent controls, organizations can confidently deliver applications and services while maintaining data security.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
