News of a misconfiguration in ServiceNow caused great concern over the past several days because it’s estimated that 80% of Fortune 500 companies deploy ServiceNow.
If a company was breached, security experts said there would have been direct risks such as data leaks, including passwords, sensitive ticket info, and PII, as well as indirect risk for social engineering campaigns and impact on the organization’s reputation.
But as of Oct. 31, there are no known reported exploits or data loss as a result of the ServiceNow misconfiguration.
Maor Bin, co-founder and CEO at Adaptive Shield, said since reports of the ServiceNow misconfiguration came out last week, his research team detected more than 5,000 exposed companies, where many were Fortune 500 businesses. Bin said once ServiceNow released the fix reportedly on Oct. 20, his team reassessed the exposed portals and found that 99% of the tables within the portals are not accessible, leaving just 1% of affected organizations exposed.
“A single misconfiguration is an Achilles heel to an organization’s SaaS app stack,” said Bin. “They provide an inadvertent gateway for potential threats. In my experience, I have seen this type of…
