Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Cloud technology giant ServiceNow has apparently notified some of its enterprise customers that there is a software flaw on its platform that allows anyone on the internet to access their data.
A Knowledge base articlewhich ServiceNow hid behind a login wall but It was shared on Redditthe company says on June 5 that it has patched some customer instances to fix a flaw that allowed unauthenticated users to “gain greater access” to ServiceNow-hosted data than intended.
The bug allowed anyone to obtain data stored in client instances without requiring credentials, such as a password.
It is not clear who had inappropriate access to ServiceNow customers, what data was accessed or taken, or whether any group was involved. Given that the security incident appears to have been caused by a bug that exposed data, it is unclear whether customers can protect themselves from improper access.
ServiceNow is a cloud computing giant that allows thousands of its enterprise customers to automate their internal business processes. Companies use the tech giant’s platform to build workflows that connect to various applications and databases, such as IT and HR systems, which can be used to automatically handle repetitive tasks, such as employee onboarding, resolving technical support tickets, and chatbots.
As such, companies like ServiceNow are high-value targets for hackers thanks to the amount of sensitive data they store, such as customer support tickets, which can include passwords, keys, and credentials.
ServiceNow said the issue relates to Australian customer instances, however Several people on Reddit Those not located in Australia say they have identified evidence of external access to their ServiceNow instances. Network Defenders Share IP address, 51.159.98.241is said to be an indication of a potential settlement if it is found in a client’s records.
A ServiceNow spokesperson did not immediately return TechCrunch’s email seeking comment and seeking answers on how many customers were affected, or how long the bug exposed data.
When you make a purchase through the links in our articles, We may earn a small commission. This does not affect our editorial independence.
