Many of the web applications do not properly protect their sensitive datas. Attackers may modify or steal such weakly protected data to conduct identity theft or other crimes. Sensitive data deserve extra protection such as encryption at rest and in transit.
If the password database uses unsalted hashes to store passwords. A flaw in file upload that allows an attacker to retrieve the password file. All of the unsalted hashes will be exposed.
Sensitive Data Exposure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as credentials, personal data, credit cards.