Irish cyber security researcher reveals flaw at major IT services firm ServiceNow

Aaron Costello, who previously discovered an IT glitch affecting HSE users’ information, found that ‘knowledge bases’ used by ServiceNow clients could be open to the public

One of the world’s biggest IT services and helpdesk companies has amended its systems after a Dublin IT security researcher found that confidential information was being exposed.

The company affected was ServiceNow, which is used by most large companies to manage IT services.

According to the researcher, Aaron Costello, the exposed information included names, phone numbers, internal system details and active credentials or tokens to live production systems.

ServiceNow, which is headquartered in the US, employs around 500 people in Dublin. Last year, it announced expansion plans with the intention of hiring 400 additional staff in Ireland. It confirmed the issue raised by Mr Costello and says that its systems have been amended.

Earlier this year, Mr Costello, who is chief of SaaS security research at AppOmni, also unearthed an HSE IT glitch that weakened security around the vaccination details of over 1m people.

He found that the organisation had “misconfigured” a Covid-related database in December of 2021, opening the details of over 1m people up to potential exploitation.

That time, the health body said that no personal data was accessed by hackers or malicious parties, despite the IT glitch creating the possibility.

In this case, the vulnerability involves ‘knowledge bases’ used by customers of ServiceNow.

‘Knowledge bases’ are self-service platforms where users store, share and manage content. They can include internal company documentation for staff, such as how to reset company passwords, how to respond to a cyberattack, which systems employees can use to find certain company information, data related to HR processes and more. With that type of information, Mr Costello said, cybercriminals could launch attacks into other company systems, steal database information, or effectively “live” inside the company’s systems, setting traps and collecting intel for future attacks.

ServiceNow is a $180 billion company whose technology is used by 85pc of the Fortune 500 to manage IT services and processes.

The researcher found that over 1,000 ServiceNow ‘instances’ were exposing data. This equated to about 45pc of all the instances that were tested.

“This is critical for organisations that use ServiceNow to know about because it can lead to the exposure of sensitive information such as PII, internal system information, and active credentials,” said Mr Costello.

“This highlights the urgent need for enterprises to routinely check and update their security configurations to prevent unauthorised access and protect their data assets. Understanding these issues and how to mitigate them is essential for maintaining robust security in enterprise SaaS environments.”

In a statement, ServiceNow said that it sent 6,200 communications to customers who may have been affected.

“ServiceNow is committed to fostering collaboration with the security community,” said Ben De Bont, chief information security officer at ServiceNow.

“We are committed to protecting our customers’ data and security researchers are important partners in our ongoing efforts to improve the security of our products. We would like to extend our thanks to AppOmni and Aaron Costello for their thorough and dedicated efforts to enhance the security of our products. Their willingness to respect industry practices and delay publication of their research provided us and our customers time to evaluate and appropriately configure the accessibility of [knowledge base] articles.”

Reporting on: independent.ie
