ServiceNow tells customers a bug left some of their data exposed to the internet

Cloud technology giant ServiceNow has notified some of its enterprise customers that a software bug on its platform was allowing anyone on the internet to access their data.

A knowledge base article, which ServiceNow has hidden behind a login wall but has been shared on Reddit, says the company on June 5 patched some customer instances to fix a bug that had allowed unauthenticated users to “gain greater access” to ServiceNow-hosted data than intended.

The bug allowed potentially anyone to access data stored in customer instances without requiring credentials, such as a password.

ServiceNow tells TechCrunch that the security incident was not a hack, but the work of security researchers who were looking for vulnerabilities that they could submit for a bug bounty program.

“Alongside our own investigation, we have been in contact with the security researchers who initially reported this issue and can confirm that evidence of the observed activity came from those security researchers and customer research teams, not bad actors,” said ServiceNow spokesperson Courtney Johnson. “The security researchers have advised their activity was solely for bug bounty submissions and no data was used or retained.”

When asked by TechCrunch, ServiceNow did not immediately name the security researchers, nor say how many ServiceNow customers’ data was accessed.

Given that the security incident appears to stem from a data-exposing bug, it’s unclear if customers could have protected themselves from improper access prior to the incident.

ServiceNow is a cloud computing giant that allows thousands of its enterprise customers to automate their internal business processes. Companies use the tech giant’s platform to build workflows that connect to various apps and databases, such as IT and HR systems, which can be used to automatically handle repeat tasks, like onboarding staff, resolving tech support tickets, and for chatbots.

As such, companies like ServiceNow can be high-value targets for hackers thanks to the amount of sensitive data that they store, such as customer support tickets, which can include passwords, keys, and credentials.

ServiceNow said the issue relates to customer instances running its Australia releases, but several people on Reddit say they have identified evidence of external access to ServiceNow instances running other versions of its software.

Network defenders shared an IP address, 51.159.98.241, said to be an indicator of potential data access if found in a customer’s logs.

When you purchase through links in our articles, we may earn a small commi