iGEN
Visit IGEN World Explore IGEN Expo
EXPLORE UPGRADE PLANS
BREAKING
Ardmore Shipping Exercises Options for Two More Product Tankers at Wuhu Shipyard Frontloading Fuels Early Peak Surge at Port of Los Angeles with 17% May Volume Jump India's strategic oil reserves cover only 9-10 days of crude imports, says CEEW report Indian Trading Apps Groww, Zerodha, Angel One, Upstox Get GIFT City Licences for US Stock Investing Norway backs new generation of hydrogen-fuelled bulkers with $36m Enova grant India's MFI Portfolio Contracts 17% in FY24 but Shows Stabilization Signs in Q4 Eastern Pacific exits chemical tanker sector as fleet shifts to Ace and Womar Telegram Blocked in India for NEET Exam, But Remains Accessible via VPN FTAs, Agri-Start-ups and FPOs to Drive Next Phase of Farm Export Growth: APEDA Chief India's mango exports reach 45 countries; US shipments likely to grow over 30% this season: APEDA Ardmore Shipping Exercises Options for Two More Product Tankers at Wuhu Shipyard Frontloading Fuels Early Peak Surge at Port of Los Angeles with 17% May Volume Jump India's strategic oil reserves cover only 9-10 days of crude imports, says CEEW report Indian Trading Apps Groww, Zerodha, Angel One, Upstox Get GIFT City Licences for US Stock Investing Norway backs new generation of hydrogen-fuelled bulkers with $36m Enova grant India's MFI Portfolio Contracts 17% in FY24 but Shows Stabilization Signs in Q4 Eastern Pacific exits chemical tanker sector as fleet shifts to Ace and Womar Telegram Blocked in India for NEET Exam, But Remains Accessible via VPN FTAs, Agri-Start-ups and FPOs to Drive Next Phase of Farm Export Growth: APEDA Chief India's mango exports reach 45 countries; US shipments likely to grow over 30% this season: APEDA
Home ›› Technology ›› Cybersecurity ›› ServiceNow API Flaw Exposes Customer Data in Australia
iGEN
Technology Cybersecurity

ServiceNow API Flaw Exposes Customer Data in Australia

ServiceNow has addressed a security flaw in its API that allowed unauthorized access to customer data, primarily affecting those on the Australia release. The company has implemented a fix and advised customers to review their logs for suspicious activity.

iG
iGEN Editorial
June 10, 2026
ServiceNow API Flaw Exposes Customer Data in Australia

ServiceNow has recently disclosed a security issue that exposed customer data due to a flaw in an API endpoint. This vulnerability allowed unauthenticated attackers to query certain customer instance tables, primarily affecting customers using the Australia release or older versions with specific configurations.

Impact on Australian Customers

The security flaw was particularly concerning for customers operating on the Australia platform release. According to ServiceNow, attackers exploited this vulnerability to access customer instance tables, which could potentially contain sensitive enterprise information such as IT support tickets, employee records, and security incident reports. However, the company has not confirmed the exact nature of the data accessed.

Response and Mitigation

ServiceNow applied a fix on June 5, 2026, which reconfigured the API endpoint to restrict access to authenticated users only. The company has notified affected customers by opening support cases, advising them to review logs for requests to /api/now/related_list_edit, especially from the IP address 51.159.98.241. Administrators are also encouraged to update passwords and tokens shared through support workflows and ensure API logging is enabled.

Recommendations for Administrators

ServiceNow has urged administrators to take proactive measures in response to this incident:

  • Review logs for suspicious requests, particularly from the specified IP address.
  • Examine exposed tickets and records for sensitive information.
  • Update any shared passwords and tokens.
  • Ensure API logging is active to monitor future access attempts.

Broader Implications

This incident highlights the critical importance of robust API security, especially for platforms handling sensitive enterprise data. For CTOs and technology leaders, it underscores the need for regular security audits and updates to prevent unauthorized access. As digital transformation continues to evolve, ensuring the security of digital platforms remains a top priority.

ServiceNow's swift response and communication with affected customers demonstrate a commitment to addressing security vulnerabilities promptly. However, the lack of detailed information about the breach may leave some customers seeking further clarity on the potential impact.

Overall, this incident serves as a reminder for enterprises to continuously evaluate their cybersecurity measures and ensure that all software components, especially those involving API access, are secure and up-to-date.

Sources: TechRadar – Main Feed

Keep Reading

Recommended Stories

Novo Nordisk Reveals Clinical Trials Data Breached in Cyberattack, Patient IDs Exposed Technology

Novo Nordisk Reveals Clinical Trials Data Breached in Cyberattack, Patient IDs Exposed

Novo Nordisk, the maker of Ozempic and Wegovy, confirmed a cyberattack that breached pseudonymized clinical trial data, including patient IDs, biomarkers, and lifestyle factors. The company stated no personally identifiable information (PII) was exposed and core operations remain unaffected. Third-party cybersecurity experts are investigating.

June 15, 2026
French Government's Tchap Messaging App Breached, 14GB of Data Stolen Technology

French Government's Tchap Messaging App Breached, 14GB of Data Stolen

The French government's internal encrypted messaging service Tchap was compromised in a cyber attack. The breach was discovered on June 7 by ANSSI, and a hacker claims to have stolen nearly 14GB of documents, email addresses, and meeting links. The incident underscores France's push for homegrown software alternatives.

June 14, 2026
Coupang Fined $400M by South Korea for Massive Data Breach Affecting 37.5 Million Users Technology

Coupang Fined $400M by South Korea for Massive Data Breach Affecting 37.5 Million Users

South Korea's data protection regulator fined Coupang $400M (624.68bn won) for a data breach affecting 37.5 million users, the largest such fine ever. The leak exposed names, contact, delivery details, and order histories. Coupang expressed regret and plans to challenge the decision; its CEO resigned.

June 14, 2026
Japanese Utility Loses Drive with 10.9M Records: What Enterprises Must Learn Technology

Japanese Utility Loses Drive with 10.9M Records: What Enterprises Must Learn

Kyushu Electric Power Co. reported a physical storage drive containing data of 10.9 million customers missing from an unlocked cabinet. The incident underscores critical physical security gaps in enterprise data protection, with regulators demanding a full report by July 8, 2026.

June 14, 2026