Update: New Research: 64% Of 3rd-party Applications Access Sensitive Data...

A critical disconnect emerges in the 2026 research: While 81% of security leaders call web attacks a top priority, only 39% have deployed solutions to stop the bleeding.

Last year's research found 51% unjustified access. This year it's 64% — and accelerating into public infrastructure.

Gartner coined 'Web Exposure Management' to describe security risks from third-party applications: analytics, marketing pixels, CDNs, and payment tools. Each connection expands your attack surface; a single vendor compromise can trigger a massive data breach by injecting code to harvest credentials or skim payments.

This risk is fueled by a governance gap, where marketing or digital teams deploy apps without IT oversight. The result is chronic misconfiguration, where over-permissioned applications are granted access to sensitive data fields they don't functionally need.

This research analyzes exactly what data these third-party apps touch and whether they have a legitimate business justification.

Over 12 months (ending Nov. 2025), Reflectiz analyzed 4,700 leading websites using its proprietary Exposure Rating system. The system takes the large number of data points gathered from scanning millions of websites, considers each risk factor in context, adds them together into an overall level of risk, and expresses this as a simple grade from A to F. Findings were supplemented by a survey of 120+ security leaders in the healthcare, finance, and retail sectors.

The report highlights a growing governance gap termed "unjustified access": instances where third-party tools are granted access to sensitive data without a demonstrable business need.

Access is flagged when a third-party script meets any of these criteria:

"Organizations are granting sensitive data access by default rather than exception." This trend is most acute in Entertainment and Online Retail, where marketing pressures often override security reviews.

The study identifies specific tools driving this exposure:

Source: The Hacker News