AI & TechBigTech CompaniesCybersecurityNewswireTechnology

ServiceNow bug exposed some customer data to the internet

▼ Summary

– ServiceNow notified enterprise customers that a software bug allowed unauthenticated users to access their data, and patched the issue on June 5.
– The bug enabled anyone to obtain data from customer instances without needing a password, but it’s unclear who accessed it or what data was taken.
– ServiceNow is a cloud computing platform used by thousands of companies to automate business processes, storing sensitive data like passwords and credentials.
– The issue was linked to Australian customer instances, but non-Australian users on Reddit reported evidence of external access to their instances.
– A network defender shared IP address 51.159.98.241 as a potential indicator of compromise in customer logs, and ServiceNow did not immediately respond to requests for comment.

Cloud technology giant ServiceNow has reportedly notified some of its enterprise clients that a software vulnerability on its platform allowed unrestricted internet access to their data. The flaw, which the company patched on June 5, permitted unauthenticated users to obtain information stored in customer instances without needing a password or other credentials.

According to a knowledge base article, now hidden behind a login wall but shared on Reddit, ServiceNow updated specific customer environments to fix a bug that had enabled unauthorized individuals to “gain greater access” to hosted data than intended. The issue essentially left data exposed to anyone on the web, bypassing typical security controls.

It remains unclear who may have exploited this bug, what specific data was accessed or stolen, or whether any organized group was involved. Since the incident appears to stem from a software flaw rather than a targeted attack, it is uncertain if customers could have taken steps to prevent improper access.

ServiceNow is a major cloud computing company that helps thousands of enterprises automate internal workflows. Organizations use its platform to build processes linking various apps and databases, including IT and human resources systems, to handle repetitive tasks like employee onboarding, tech support ticket resolution, and chatbot interactions. This makes ServiceNow a high-value target for cybercriminals, given the sensitive data it stores,such as customer support tickets that may contain passwords, encryption keys, and other credentials.

ServiceNow has stated that the issue affects Australian customer instances. However, multiple Reddit users outside Australia report finding evidence of external access to their ServiceNow environments. Network defenders have flagged an IP address, 51.159.98.241, as a potential indicator of compromise if it appears in customer logs.

A ServiceNow spokesperson did not respond to TechCrunch’s request for comment on how many customers were impacted or how long the data had been exposed.

(Source: TechCrunch)

Topics

data breach 95% software bug 92% cloud security 90% unauthorized access 88% enterprise customers 85% customer data 83% security patch 80% hacker target 78% incident response 75% australian instances 72%