
ServiceNow has notified some enterprise customers that a platform bug may have allowed unauthenticated users to access data hosted in customer instances. The company patched some customer instances on June 5 and said the activity it observed came from security researchers and customer research teams, not malicious actors.
A ServiceNow knowledge base article described the issue as allowing unauthenticated users to gain greater access to ServiceNow-hosted data than intended, according to TechCrunch. The article is behind a login wall, but parts of it were shared on Reddit.
ServiceNow Says Incident Was Not A Hack
ServiceNow spokesperson Courtney Johnson told TechCrunch that the incident was not a hack. She said the company had contacted the security researchers who first reported the issue and confirmed that the observed activity came from researchers submitting bug bounty findings.
Johnson said the researchers advised that their activity was only for bug bounty submissions and that no data was used or retained. ServiceNow did not immediately name the researchers or say how many customers’ data was accessed.
The company also did not say whether customers could have prevented the access before the patch. The issue appears to have involved a data-exposing software bug rather than stolen credentials.
Bug Affected Customer Instances
ServiceNow said the issue related to customer instances running its Australia releases. Some Reddit users said they had found signs of external access on instances running other versions, though ServiceNow’s public statement did not confirm that broader scope.
Network defenders also shared the IP address 51.159.98.241 as a possible indicator of data access if found in customer logs. ServiceNow’s Trust Center provides customer security and advisory information, though the specific customer notice is not publicly visible.
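A log check for that indicator, as an added example that is not from ServiceNow or the original article: it matches the address as a whole token, so near-miss addresses do not raise false alerts and forwarded-for chains and IPv4-mapped IPv6 forms are still caught. The log format, sample lines and the function name `find_indicator_hits` are constructed for illustration and are not ServiceNow's own log layout.

```python
import ipaddress
import re

# Indicator quoted in the article as a possible sign of data access.
INDICATOR = ipaddress.ip_address("51.159.98.241")

# A dotted IPv4 token, optionally written as IPv4-mapped IPv6 (::ffff:a.b.c.d).
# The lookarounds reject fragments of longer numbers such as 151.159.98.241
# or 51.159.98.2410, but allow a trailing port, bracket, comma or full stop.
_IPV4_TOKEN = re.compile(
    r"(?<![\w.])(?:::ffff:)?((?:\d{1,3}\.){3}\d{1,3})(?!\.?\w)", re.IGNORECASE
)


def _line_has_indicator(line):
    for match in _IPV4_TOKEN.finditer(line):
        try:
            if ipaddress.ip_address(match.group(1)) == INDICATOR:
                return True
        except ValueError:
            continue  # not a valid address (octet > 255, leading zeros)
    return False


def find_indicator_hits(lines):
    """Return (line_number, line) for every log line containing the indicator."""
    return [(n, line) for n, line in enumerate(lines, start=1)
            if _line_has_indicator(line)]


# Constructed sample log lines (hypothetical format, not real customer data).
SAMPLE_LOG = """\
2000-01-01T10:14:02Z GET /api/items 200 client=203.0.113.7
2000-01-01T10:14:09Z GET /api/items 200 client=51.159.98.241
2000-01-01T10:15:30Z GET /login 200 client=151.159.98.241
2000-01-01T10:16:44Z GET /api/items 200 client=10.0.0.5 xff="51.159.98.241, 10.0.0.5"
2000-01-01T10:17:01Z GET /api/items 200 client=[::ffff:51.159.98.241]:52144
2000-01-01T10:18:12Z GET /health 200 client=51.159.98.24
"""

if __name__ == "__main__":
    for number, text in find_indicator_hits(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {text}")
```

A match only shows that the address appears in a log line; which requests it made and what they returned still has to be read from the surrounding records.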
Platform Holds Sensitive Business Data
ServiceNow’s platform is used by enterprise customers to automate internal processes across IT, HR, support, and other business systems. These workflows can connect to databases, apps, tickets, and chatbots.
Because of that role, customer instances may hold sensitive information such as support tickets, passwords, keys, credentials, and internal business records. ServiceNow says its AI Platform is used to manage and automate work across enterprise systems.
Featured image credits: Atlas Digital Group
