ServiceNow tells customers a bug left some of their data exposed to the internet

Cloud technology giant ServiceNow appears to have notified some of its enterprise customers that a software bug on its platform was allowing anyone on the internet to access their data. A knowledge base article, which ServiceNow has hidden behind a login wall but has been shared on Reddit, says the company on June 5 patched some customer instances to fix a bug that had allowed unauthenticated users to “gain greater access” to ServiceNow-hosted data than intended. The bug allowed potentially anyone to obtain data stored in customer instances without requiring credentials, such as a password. It’s not clear who had improper access to ServiceNow customers, what data was accessed or taken, or if any group was involved. Given that the security incident appears to stem from a data-exposing bug, it’s unclear if customers could have protected themselves from improper access. ServiceNow is a cloud computing giant that allows thousands of its enterprise customers to automate their internal business processes. Companies use the tech giant’s platform to build workflows that connect to various apps and databases, such as IT and HR systems, which can be used to automatically handle repeat tasks, like onboarding staff, resolving tech support tickets, and for chatbots. As such, companies like ServiceNow are high-value targets for hackers thanks to the amount of sensitive data that they store, such as customer support tickets, which can include passwords, keys and credentials. ServiceNow said the issue relates to Australian customer instances, but several people on Reddit who are not located in Australia say they have identified evidence of external access to their ServiceNow instances. Network defenders shared an IP address, 51.159.98.241 , said to be an indicator of potential compromise if found in a customer’s logs. A spokesperson for ServiceNow did not immediately return TechCrunch’s email requesting comment and seeking answers on how many customers are affected, or how long the bug had exposed the data.