Insecure Direct Object Reference (called IDOR from here) occurs when a application exposes a reference to an internal implementation object. Using this way, it reveals the real identifier and format/pattern used of the element in the storage backend side. The most common example of it (although is not limited to this one) is a record identifier in a storage system (database, filesystem and so on).
Learn more about IDOR via the OWASP Cheatsheet.
Some links about IDOR-
Chains on Chains!! Chaining several IDOR’s into Account Takeover(PART ONE)
How I could delete Facebook Ask for Recommendations post’s place objects in comments
Stories Of IDOR-Part 2
Inf0rM@tion Disclosure via IDOR
GraphQL IDOR leads to information disclosure
HTTP Request Smuggling + IDOR