logo

ServiceNow Breach: Customer Data Exposed Through Unauthenticated API Access

ID: 5dc74923-7381-5e54-9285-1a81fcb239f2

STIX ID: report--5dc74923-7381-5e54-9285-1a81fcb239f2

Feed Name: SOCRadar Blog

Threat Score
70/100

Date Published: 2026-06-10

Date Updated: 2026-06-11

Author: Ameer Owda

...
...

ServiceNow disclosed malicious unauthorized access to some customer instances via a reportedly unauthenticated API endpoint (/api/now/related_list_edit/create), affecting customers on the Australia platform release and certain older-release configurations; ServiceNow applied a security update (KB3067321) on June 5, 2026. The report recommends confirming impact with ServiceNow support, validating the remediation, reviewing logs for the endpoint and suspicious IPs (notably 51.159.98.241), rotating exposed secrets, and auditing Scripted REST APIs, ACLs, and access policies.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.