API testing firm APIsec has confirmed it secured an exposed internal database containing customer data, which was connected to the internet for several days without a password.