Developer catches methodical API scrape after attacker pulls 251 requests in 11 minutes
A developer running a visa rules API detected an attempted database extraction last week after an account named 'visadb_scraper' made 251 requests in a highly systematic pattern. The attacker targeted specific passport-destination pairs at a steady rate of roughly 25 requests per minute, successfully retrieving about 249 unique records before being stopped. Signals including a throwaway email, a self-identifying username, and a failed calibration call at the start exposed the automated nature of the sweep. The developer blocked the API key, halting the scrape at just 0.6% of the full 39,585-pair dataset. The incident highlighted a key security gap: without IP logging, blocking the key cannot prevent the attacker from simply re-registering and trying again.
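The traffic pattern described above (steady request rate, almost every call asking for a passport-destination pair not requested before) can be checked per API key from request logs. The following is an added example, not code from the developer or the article; the event tuple layout, the thresholds, the key names and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Thresholds are assumptions for illustration, not values from the article.
MIN_REQUESTS = 50        # ignore keys with too little traffic to judge
MIN_UNIQUE_RATIO = 0.9   # almost every call asks for a pair not seen before
MAX_GAP_CV = 0.5         # inter-request gaps are machine-steady (low variation)

def enumeration_suspects(events):
    """events: iterable of (api_key, unix_ts, passport, destination).
    Returns {api_key: stats} for keys whose traffic looks like a sweep."""
    by_key = defaultdict(list)
    for key, ts, passport, dest in events:
        by_key[key].append((ts, (passport, dest)))
    suspects = {}
    for key, rows in by_key.items():
        if len(rows) < MIN_REQUESTS:
            continue
        rows.sort()
        times = [ts for ts, _ in rows]
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg_gap = mean(gaps)
        # Coefficient of variation: near 0 for a fixed-delay loop, high for people.
        gap_cv = pstdev(gaps) / avg_gap if avg_gap > 0 else 0.0
        unique = len({pair for _, pair in rows})
        if unique / len(rows) >= MIN_UNIQUE_RATIO and gap_cv <= MAX_GAP_CV:
            minutes = max((times[-1] - times[0]) / 60, 1 / 60)
            suspects[key] = {
                "requests": len(rows),
                "unique_pairs": unique,
                "per_minute": round(len(rows) / minutes, 1),
                "gap_cv": round(gap_cv, 3),
            }
    return suspects

def constructed_sample():
    """Constructed traffic: one sweeping key and one ordinary key."""
    countries = [f"C{i:02d}" for i in range(20)]
    pairs = [(p, d) for p in countries for d in countries if p != d]
    # 251 calls, 2.64 s apart (about 11 minutes), two repeats -> 249 unique pairs.
    sweep_pairs = pairs[:249] + pairs[:2]
    sweep = [("key_sweep", 1_700_000_000 + i * 2.64, p, d)
             for i, (p, d) in enumerate(sweep_pairs)]
    # An ordinary client: 60 calls at irregular intervals, revisiting 5 pairs.
    normal, t = [], 1_700_000_000
    for i in range(60):
        t += (3, 40, 7, 300, 15)[i % 5]
        normal.append(("key_app", t, *pairs[i % 5]))
    return sweep + normal
```

Because the check keys on the API key alone, it shares the gap the summary points out: a re-registered account starts with a clean history unless IP or other client attributes are logged and correlated.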
This is an AI-generated summary. ShortSingh links to the original source for the complete article.