Excessive data exposure is when the API client application does not filter the results it gets before returning the data to the user of the application.
tl;dr: Excessive data exposure is when the API client application does not filter the results it gets before returning the da