• ServiceNow reveals security issue affecting customer data, but wo

    From TechnologyDaily@1337:1/100 to All on Wed Jun 10 14:15:28 2026
    ServiceNow reveals security issue affecting customer data, but won't reveal much on what actually happened

    Date:
    Wed, 10 Jun 2026 13:05:00 +0000

    Description:
    A bug in an API endpoint was apparently abused to access customer data.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter ServiceNow fixes API flaw which let unauthenticated attackers query some customer instance tables Issue
    mainly hit customers on the Australia release or older versions with custom configs Admins urged to review logs for /api/now/related_list_edit requests, especially from 51.159.98.241 ServiceNow has told some of its customers that cybercriminals were able to abuse a flaw in an API endpoint in an attemtpy to access their data.

    In a support bulletin published on its customer support portal, the company said it had addressed an issue, that could allow an unauthenticated user, in certain circumstances, to gain greater access to ServiceNow instances than intended. A fix was applied on June 5 2026, the bulletin said, which changed the API endpoint configuration to limit access just to authenticated users. Latest Videos From Watch full video here: Affecting Australians The company said that the attackers exploited the vulnerability to query customer
    instance tables but did not say what type of data they were able to access.

    These instances usually store sensitive enterprise information such as IT support tickets, employee records, internal documentation, asset inventories, security incident reports, workflow data, and configuration details for corporate systems and services. You may like Security study finds thousands
    of API credentials exposed on the web for years Rapid7 observes new Palo Alto VPN flaw exploited in the wild to bypass GlobalProtect authentication
    Worrying open-source security issue 'BadHost' could affect millions of AI agents

    However, that doesnt mean this kind of information was accessed, nor that every exposed customer lost all of this data.

    Further in the bulletin, the company said the issue primarily affected customers running the Australia platform release, as well as those on older releases with certain configuration changes. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me
    with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    "The security issue pertains to customers who are on the Australia platform release or made certain configuration changes to instances on releases prior to Australia," ServiceNow warned.

    The company says it has notified affected customers by opening support cases
    - terefore, if you are a ServiceNow customer without an open support case, consider your data safe.

    Other administrators should take a look at their logs for requests to /api/now/related_list_edit, particularly from the IP address 51.159.98.241. They should also review exposed tickets and records for sensitive
    information, update passwords and tokens shared through support workflows,
    and make sure API logging is turned on.

    Via BleepingComputer The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/servicenow-reveals-security-issue-affec ting-customer-data-but-wont-reveal-much-on-what-actually-happened


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)