The Optus data breach occurred through an unprotected and publicly exposed API.

Security Flaw

Three security flaws can be identified in this setup.
Examples of open APIs that follow API security best practices are the Google Maps API and the Weather API. Any data that's available through these APIs is completely isolated from core business processes, so it's impossible to cause a data breach through these open APIs.
This unfortunate efficiency led to the Optus breach being ranked as the second-largest data breach in Australian history.