Rising API Threats: Nepal Bots and Leaked Keys Cause $130k Damages on US Tech

US Technology Firm Suffers Significant Financial Loss Due to API Attacks and Possible Insider Involvement

A recent cybercrime case has come to light in which a US-based technology company suffered substantial financial losses due to alleged unauthorized API access and potential insider participation.

The Incident: A Complex Attack on Multiple Fronts

The incident occurred in December 2025, when the company detected over 120,000 suspicious API requests on its servers, resulting in significant system strain and financial losses. According to preliminary cyber forensic analysis, the attacks were carried out using an automated bot network, routed through Virtual Private Network (VPN) infrastructure and IP addresses linked to Nepal.

According to investigators, “the attackers may have exploited stolen or leaked API keys to execute the attack, causing inflated operational costs and disrupting business operations.”

Insider Involvement Suspected

The company’s authorized legal representative has filed a formal complaint with the authorities, initiating an investigation at the Dhoomanganj police station. The probe is ongoing; investigators traced the last valid login session to Prayagraj, which led them to suspect possible insider involvement.

Shubham Shukla, a former employee, has been identified as a key suspect, with his IP range allegedly associated with the suspicious activity.

Repercussions and Lessons Learned

The company also reported repeated unauthorized API hits on third-party data platforms, including LexisNexis, during the same time frame. These repeated requests led to unexpectedly high billing charges, exacerbating the overall financial damage.

Cybersecurity experts believe this incident highlights the growing risks associated with API security and insider threats in modern digital ecosystems. They emphasize the importance of adopting multi-layer authentication, continuous log monitoring, and strict access control policies to prevent similar incidents in the future.

Ongoing Investigation

The investigation remains ongoing, with authorities working to map the complete digital network behind the attack and identify all individuals involved.


