ServiceNow Bug Allowed Unauthenticated Access to Customer Data
At a glance
- Cloud tech giant ServiceNow disclosed a bug allowing unauthenticated internet access to customer data.
- The company stated security researchers, not bad actors, discovered the issue while seeking bug bounties.
- The bug affected Australia releases, but users report wider impact.
AI-generated summary
Why it matters
Cloud technology giant ServiceNow has informed some enterprise customers about a software bug that allowed unauthenticated access to their data from the internet. The company stated the issue was discovered by security researchers, not malicious actors, and was patched on June 5.
Cloud technology giant ServiceNow has notified some of its enterprise customers that a software bug on its platform was allowing anyone on the internet to access their data.
A knowledge base article, which ServiceNow has hidden behind a login wall but has been shared on Reddit, says the company on June 5 patched some customer instances to fix a bug that had allowed unauthenticated users to “gain greater access” to ServiceNow-hosted data than intended.
The bug allowed potentially anyone to access data stored in customer instances without requiring credentials, such as a password.
ServiceNow tells TechCrunch that the security incident was not a hack, but the work of security researchers who were looking for vulnerabilities that they could submit for a bug bounty program.
“Alongside our own investigation, we have been in contact with the security researchers who initially reported this issue and can confirm that evidence of the observed activity came from those security researchers and customer research teams, not bad actors,” said ServiceNow spokesperson Courtney Johnson. “The security researchers have advised their activity was solely for bug bounty submissions and no data was used or retained.”
When asked by TechCrunch, ServiceNow did not immediately name the security researchers, nor say how many ServiceNow customers’ data was accessed.
Given that the security incident appears to stem from a data-exposing bug, it’s unclear if customers could have protected themselves from improper access prior to the incident.
ServiceNow is a cloud computing giant that allows thousands of its enterprise customers to automate their internal business processes. Companies use the tech giant’s platform to build workflows that connect to various apps and databases, such as IT and HR systems, which can be used to automatically handle repeat tasks, like onboarding staff, resolving tech support tickets, and for chatbots.
As such, companies like ServiceNow can be high-value targets for hackers thanks to the amount of sensitive data that they store, such as customer support tickets, which can include passwords, keys, and credentials.
ServiceNow said the issue relates to customer instances running its Australia releases, but several people on Reddit say they have identified evidence of external access to ServiceNow instances running other versions of its software.
Network defenders shared an IP address, 51.159.98.241, said to be an indicator of potential data access if found in a customer’s logs.
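For a defender the practical question is how to check retrospectively whether that address touched their instance, and whether those requests were unauthenticated and succeeded. The script below is an added example, not code from ServiceNow, TechCrunch or the Reddit thread: it scans a constructed access log (the line layout is assumed, not ServiceNow's real transaction-log format) for the IP shared above and separates successful requests that carried no authenticated user from the rest. A hit only shows the address reached the instance; it does not by itself prove data was read, so the output is meant as a starting point for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Indicator shared by network defenders for this incident (from the article).
IOC_IPS = {"51.159.98.241"}

# Assumed log layout (not ServiceNow's real format):
# <ISO timestamp> <client ip> <method> <path> <status> [user=<name>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<status>\d{3})"
    r"(?:\s+user=(?P<user>\S+))?\s*$"
)


@dataclass(frozen=True)
class Event:
    ts: str
    ip: str
    method: str
    path: str
    status: int
    user: Optional[str]  # None when the request carried no authenticated user


def parse_line(line: str) -> Optional[Event]:
    """Parse one line; return None for lines that do not match the assumed layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return Event(m["ts"], m["ip"], m["method"], m["path"], int(m["status"]), m["user"])


def scan(lines: Iterable[str], iocs: set = IOC_IPS) -> list:
    """Return every parsed event whose client IP is in the IOC set."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None and ev.ip in iocs:
            hits.append(ev)
    return hits


def triage(hits: list) -> dict:
    """Separate successful unauthenticated requests (the pattern the article
    describes) from everything else, so a reviewer sees what needs attention."""
    unauth_ok = [h for h in hits if h.user is None and 200 <= h.status < 300]
    return {
        "total_hits": len(hits),
        "unauth_success": len(unauth_ok),
        "paths": sorted({h.path for h in unauth_ok}),
        "first_seen": min((h.ts for h in hits), default=None),
        "last_seen": max((h.ts for h in hits), default=None),
    }


# Constructed sample log for the example; not real customer data.
SAMPLE_LOG = """\
2025-06-04T09:12:01Z 203.0.113.7 GET /api/now/table/incident 200 user=alice
2025-06-04T09:12:44Z 51.159.98.241 GET /api/now/table/sys_user 200
2025-06-04T09:12:45Z 51.159.98.241 GET /api/now/table/incident 200
2025-06-04T09:13:02Z 51.159.98.241 POST /login.do 401
2025-06-04T09:15:30Z 198.51.100.9 GET /api/now/table/incident 200 user=bob
this line is garbage and will be skipped
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for ev in found:
        print(f"{ev.ts} {ev.ip} {ev.method} {ev.path} {ev.status} user={ev.user}")
    print(triage(found))
```

Adapting this to a real instance means replacing `LOG_RE` with the layout of the log source you actually export and widening `IOC_IPS` if further indicators are shared; the triage logic itself (unauthenticated plus successful status) does not depend on the format.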
Correction: the seventh paragraph was updated to make clear that the "Australia releases" are ServiceNow software release names, unrelated to geography. Updated to include comment from ServiceNow.
Open questions
- How many ServiceNow customers were affected?
- Was data actually exfiltrated or misused by the security researchers?
- Could customers have taken steps to protect themselves prior to the patch?
- Were instances running versions other than the 'Australia releases' also affected?