Increase in Unjustified Third-Party Access to Sensitive Data

First reported

14.01.2026 13:00

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. The study highlights significant increases in malicious activity in the government (2% to 12.9%) and education (14.3%) sectors, driven by budget constraints and lack of governance. Key offenders include Google Tag Manager, Shopify, and Facebook Pixel, which are often over-permissioned and deployed without proper security oversight. The research underscores a critical disconnect where 81% of security leaders prioritize web attacks, but only 39% have deployed solutions to mitigate third-party risks. This governance gap is exacerbated by marketing departments driving 43% of third-party risk exposure, often deploying tools without IT oversight.

Timeline

14.01.2026 13:00 1 articles · 23h ago

64% of Third-Party Applications Access Sensitive Data Without Justification
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. The study highlights significant increases in malicious activity in the government and education sectors, driven by budget constraints and lack of governance. Key offenders include Google Tag Manager, Shopify, and Facebook Pixel, which are often over-permissioned and deployed without proper security oversight.
Show sources

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification — thehackernews.com — 14.01.2026 13:00
Open in new tab

Information Snippets

64% of third-party applications access sensitive data without business justification, up from 51% in 2024.
First reported: 14.01.2026 13:00

1 source, 1 article
Show sources
- New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification — thehackernews.com — 14.01.2026 13:00
Government sector malicious activity spiked from 2% to 12.9%, and 1 in 7 education sites show active compromise.
First reported: 14.01.2026 13:00

1 source, 1 article
Show sources
- New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification — thehackernews.com — 14.01.2026 13:00
Google Tag Manager accounts for 8% of all unjustified sensitive data access, Shopify for 5%, and Facebook Pixel for 4%.
First reported: 14.01.2026 13:00

1 source, 1 article
Show sources
- New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification — thehackernews.com — 14.01.2026 13:00
43% of third-party risk exposure is driven by marketing and digital departments, compared to 19% by IT.
First reported: 14.01.2026 13:00

1 source, 1 article
Show sources
- New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification — thehackernews.com — 14.01.2026 13:00
81% of security leaders prioritize web attacks, but only 39% have deployed solutions to mitigate third-party risks.
First reported: 14.01.2026 13:00

1 source, 1 article
Show sources
- New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification — thehackernews.com — 14.01.2026 13:00

Summary

Timeline

64% of Third-Party Applications Access Sensitive Data Without Justification

Information Snippets