1 hour ago
1
Image Credits:Lionel Ng / Bloomberg / Getty Images7:13 AM PDT · June 10, 2026
Cloud exertion elephantine ServiceNow appears to person notified immoderate of its endeavor customers that a bundle bug connected its level was allowing anyone connected the net to entree their data.
A knowledge basal article, which ServiceNow has hidden down a login partition but has been shared connected Reddit, says the institution connected June 5 patched immoderate lawsuit instances to hole a bug that had allowed unauthenticated users to “gain greater access” to ServiceNow-hosted information than intended.
The bug allowed perchance anyone to get information stored successful lawsuit instances without requiring credentials, specified arsenic a password.
It’s not wide who had improper entree to ServiceNow customers, what information was accessed oregon taken, oregon if immoderate radical was involved. Given that the information incidental appears to stem from a data-exposing bug, it’s unclear if customers could person protected themselves from improper access.
ServiceNow is simply a unreality computing elephantine that allows thousands of its endeavor customers to automate their interior concern processes. Companies usage the tech giant’s level to physique workflows that link to assorted apps and databases, specified arsenic IT and HR systems, which tin beryllium utilized to automatically grip repetition tasks, similar onboarding staff, resolving tech enactment tickets, and for chatbots.
As such, companies similar ServiceNow are high-value targets for hackers acknowledgment to the magnitude of delicate information that they store, specified arsenic lawsuit enactment tickets, which tin see passwords, keys and credentials.
ServiceNow said the contented relates to Australian lawsuit instances, but several radical connected Reddit who are not located successful Australia accidental they person identified grounds of outer entree to their ServiceNow instances. Network defenders shared an IP address, 51.159.98.241, said to beryllium an indicator of imaginable compromise if recovered successful a customer’s logs.
A spokesperson for ServiceNow did not instantly instrumentality TechCrunch’s email requesting remark and seeking answers connected however galore customers are affected, oregon however agelong the bug had exposed the data.
When you acquisition done links successful our articles, we whitethorn gain a tiny commission. This doesn’t impact our editorial independence.
Zack Whittaker is the information exertion astatine TechCrunch. He besides authors the play cybersecurity newsletter, this week successful security.
He tin beryllium reached via encrypted connection astatine zackwhittaker.1337 connected Signal. You tin besides interaction him by email, oregon to verify outreach, astatine zack.whittaker@techcrunch.com.
English (US) ·