ServiceNow Discloses Security Incident Exposing Customer Data
ServiceNow said a patch on June 5 limited access to authenticated users after attackers queried customer instance tables, while it evaluates a CVE.
- ServiceNow applied a security update on Friday to fix a bug that allowed unauthenticated users to gain greater access to ServiceNow-hosted data than intended.
- Administrators on Reddit identified the flaw at a REST endpoint configured with 'requires_authentication=false', which permitted unauthenticated requests to access instance data.
- ServiceNow warned that "The security issue pertains to customers who are on the Australia platform release or made certain configuration changes to instances on releases prior to Australia."
- Attackers exploited the vulnerability to query customer instance tables, prompting ServiceNow to notify impacted customers via direct Support cases after detecting "anomalous activity."
- Numerous administrators are advised to review logs for API requests from IP address '51.159.98.241' and rotate credentials or tokens shared through Support workflows.
18 Articles
ServiceNow discloses security incident exposing customer data
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances.
ServiceNow Patches Data Exposure Vulnerability in Another Reminder That CX Runs on Security
ServiceNow has disclosed a security vulnerability that allowed unauthenticated users to gain access to customer systems. The enterprise software company said it applied a security update to hosted customer environments on June 5 and contacted those affected. A spokesperson told CX Today: “ServiceNow recently applied a security update to hosted customers. The update concerned a security issue that could allow an unauthenticated user, in certain c…
ServiceNow Notifies Customers After Bug Exposed Some Hosted Data
ServiceNow has notified some enterprise customers that a platform bug may have allowed unauthenticated users to access data hosted in customer instances. The company patched some customer instances on June 5 and said the activity it observed came from security researchers and customer research teams, not malicious actors. A ServiceNow knowledge base article described the issue as allowing unauthenticated users to gain greater access to ServiceNo…
ServiceNow fixes API issue after reports of suspicious tenant activity
ServiceNow is notifying customers after discovering and remediating a vulnerability that could have exposed data via an unauthenticated API endpoint on affected instances. The issue emerged publicly after customers began discussing security notifications from ServiceNow and reports of suspicious activity linked to their environments. According to the company’s advisory, the vulnerability was initially reported through ServiceNow’s bug bounty pro…
Coverage Details
Bias Distribution
- 100% of the sources are Center