The security lapse stemmed from a configuration bug that granted external parties broader access to customer instances than intended. Although ServiceNow attributed the issue specifically to Australian accounts, reports from global users suggest a wider footprint. Network security professionals have flagged the IP address 51.159.98.241 as a primary indicator of compromise, urging administrators to audit their logs for unauthorized activity.
ServiceNow provides critical infrastructure for automating internal business processes, including IT ticketing and HR workflows. Because these systems often house passwords, encryption keys, and private credentials, they represent high-value targets for data harvesting. The company has yet to disclose the total number of affected entities or the duration of the exposure, leaving IT departments scrambling to verify the integrity of their data stores.
Comments (0)
No comments yet. Be the first!