ServiceNow patch exposes customer data after unauthenticated access bug
A software flaw allowed internet users to access sensitive enterprise data without credentials. The vulnerability was patched on June 5, but details on the scope of the breach remain undisclosed.
Cloud technology provider ServiceNow has notified enterprise customers that a software bug on its platform permitted unauthenticated internet users to access their data. The company patched the vulnerability on June 5, 2026, but it remains unclear who accessed the information or the full extent of the exposure. While ServiceNow stated the issue related to Australian customer instances, reports from users outside Australia suggest a broader impact.
A knowledge base article shared on Reddit indicates the bug allowed unauthenticated users to gain greater access to ServiceNow-hosted data than intended. The flaw potentially allowed anyone to obtain data stored in customer instances without requiring credentials, such as a password. Network defenders have shared an IP address, 51.159.98.241, as an indicator of potential compromise if found in customer logs.
ServiceNow is a cloud computing giant used by thousands of enterprises to automate internal business processes, including IT and HR systems. Companies use the platform to build workflows for tasks such as staff onboarding, resolving tech support tickets, and operating chatbots. Due to the sensitive data stored on the platform, such as customer support tickets, passwords, keys, and credentials, ServiceNow is considered a high-value target for hackers.
It is not clear who had improper access to ServiceNow customers, what specific data was accessed or taken, or if any specific group was involved. The exact number of affected customers and the duration the bug exposed data remain unknown. ServiceNow did not immediately return TechCrunch’s email requesting comment on the number of affected customers or the duration of the exposure.
Given that the security incident stems from a data-exposing bug, it is unclear if customers could have protected themselves from improper access. While the company’s initial statement focused on Australian instances, several users on Reddit who are not located in Australia have reported evidence of external access to their ServiceNow instances.
