Cloud technology giant ServiceNow appears to have notified some of its enterprise customers that a software bug on its platform was allowing anyone on the internet to access their data.
A knowledge base article, which ServiceNow has hidden behind a login wall but has been shared on Reddit, says the company on June 5 patched some customer instances to fix a bug that had allowed unauthenticated users to “acquire higher entry” to ServiceNow-hosted data than intended.
The bug allowed potentially anyone to obtain data stored in customer instances without requiring credentials, such as a password.
It’s not clear who had improper access to ServiceNow customers, what data was accessed or taken, or if any group was involved. Given that the security incident appears to stem from a data-exposing bug, it’s unclear if customers could have protected themselves from improper access.
ServiceNow is a cloud computing giant that allows thousands of its enterprise customers to automate their internal business processes. Companies use the tech giant’s platform to build workflows that connect to various apps and databases, such as IT and HR systems, which can be used to automatically handle repeat tasks, like onboarding staff, resolving tech support tickets, and for chatbots.
As such, companies like ServiceNow are high-value targets for hackers because of the amount of sensitive data that they store, such as customer support tickets, which can include passwords, keys and credentials.
ServiceNow said the issue relates to Australian customer instances, but several people on Reddit who aren’t located in Australia say they’ve identified evidence of external access to their ServiceNow instances. Network defenders shared an IP address, 51.159.98.241, said to be an indicator of potential compromise if found in a customer’s logs.
A spokesperson for ServiceNow didn’t immediately return TechCrunch’s email requesting comment and seeking answers on how many customers are affected, or how long the bug had exposed the data.

