Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceCybersecurity News

API security vulnerability in FinTech platform could have enabled account takeover

By Security Staff
API-sec-freepik1170x658.jpg
April 11, 2022

API security company Salt Security released new API vulnerability research that details a Server-Side Request Forgery (SSRF) flaw discovered in a U.S.-based FinTech company’s digital platform. The FinTech platform provides a wide range of digital banking services to hundreds of banks and millions of customers.


The API security vulnerability could have allowed administrative account takeover (ATO). Bad actors could have used the flaw to launch attacks to:

  • Gain administrative access to the banking system
  • Access users’ banking details and financial transactions
  • Leak users’ personal data
  • Perform unauthorized funds transfers into bad actors’ bank accounts


The SSRF flaw was already actively integrated into many of the FinTech company’s systems and had the potential to compromise every user account and transaction data served by its customer banks. While all issues are now remediated, an abuse of this platform could have enabled attackers to control millions of users’ bank accounts and funds, resulting in significant financial losses and theft, fraud, and reputational damage.


“Critical SSRF flaws are more common than many FinTech providers, and banking institutions realize. Had bad actors discovered this vulnerability, they could have caused serious financial damage to all parties involved,” said Yaniv Balmas, VP of Research, Salt Security. “API attacks are becoming more frequent and complex. Our Salt Labs researchers discover critical vulnerabilities that put entire companies at risk every day. By shining a light on these threats, we seek to continually educate security practitioners about potential vulnerabilities in their systems.”


According to the Salt Security State of API Security Report, Q1 2022, 95% of organizations experienced an API security incident in the past 12 months. Additional research showed significant growth (681%) of malicious API traffic in the same period. The API ecosystems of FinTech and financial service providers are vast, with customers, banks, and credit unions relying on APIs to drive interactions across an intricate network of websites, mobile applications, custom integrations, webhooks, and more. 


The full SSRF vulnerability report, including how Salt Labs conducted the research and steps for mitigation, is available here. 

KEYWORDS: API security cyber security finance cybersecurity risk management security vulnerability

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Career Intelligence
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Trophy and soccer ball

Security Experts Discuss Threats to FIFA World Cup 2026

Soccer stadium

How the Current Iran-US Conflict May Impact World Cup Security

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Neighborhood

Residential AI Data Centers: Security, Privacy, and Governance Concerns

Officers at an event

The 2026 FIFA World Cup Will Test Security Operations Like Never Before

SEC 2026 Benchmark Banner

Events

July 8, 2026

The 2026 Security Maturity Benchmark Report: Insights From Senior Security Leaders

LIVE: July 8, 2026 at 2 pm EDT In this webinar, speakers will share key insights from the report, including why today’s threat environment demands greater maturity and how to evaluate your organization’s current security posture.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • cyber-security-freepik1170x658.jpg

    Researchers discover GraphQL authorization flaws in fintech SaaS platform

    See More
  • cyber hack

    Widespread Elastic stack API security vulnerability

    See More
  • key-enews

    Battling Account Takeover Risks Without Compromising User Experience

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • Physical Layer Security in Wireless Communications

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing