Cloud technology giant ServiceNow has notified some of its enterprise customers that a software bug in its platform was allowing anyone on the Internet to access their data.
A knowledge base article, which ServiceNow has hidden behind a login wall but which has been shared on Reddit, says the company on June 5 patched some customer instances to fix a bug that allowed unauthenticated users to “gain greater access” to ServiceNow-hosted data than intended.
The flaw allowed anyone to access data stored on customer instances without requiring credentials such as a password.
ServiceNow tells TechCrunch that the security incident was not a hack, but the work of security researchers looking for vulnerabilities they could submit for a bug bounty program.
“In addition to our own investigation, we have been in contact with the security researchers who originally reported this issue and can confirm that the evidence of the observed activity came from those security researchers and customer research teams, not from bad actors,” said ServiceNow spokeswoman Courtney Johnson. “The security researchers advised that their activity was solely related to bug submissions and no data was used or retained.”
When asked by TechCrunch, ServiceNow did not immediately name the security researchers, or say how much ServiceNow customer data was accessed.
Since the security incident appears to stem from a data-exposing bug, it is unclear whether customers could have been protected from improper access prior to the incident.
ServiceNow is a cloud computing giant that enables thousands of its enterprise customers to automate their internal business processes. Companies use the tech giant’s platform to create workflows that connect to various applications and databases, such as IT and HR systems, which can be used to automatically handle repetitive tasks such as on-boarding staff, resolving technical support tickets and running chatbots.
As such, companies like ServiceNow can be high-value targets for hackers thanks to the amount of sensitive data they store, such as customer support tickets, which can include passwords, keys and credentials.
ServiceNow said the issue is related to customer instances running its Australia release, but many people on Reddit say they have detected signs of external access in ServiceNow instances running other versions of its software.
Network defenders shared an IP address, 51.159.98.241, said to be an indicator of possible data access if found in a client’s logs.
Corrected the seventh paragraph to clarify that the references to “Australia” refer to a ServiceNow software release, not to the geography. Updated to include comments from ServiceNow.