
American software behemoth ServiceNow has disclosed a “security incident” that allowed attackers to access customer data. The company says it pushed an update to secure hosted customer instances. Users fear the company knew about the issue for months.
- ServiceNow disclosed a security incident that allowed unauthorized users to access customer data through a misconfigured endpoint vulnerability.
- Users allege ServiceNow knew about the security flaw since April 7 but delayed fixing it until later releases.
- The vulnerability affected customers on the Australia platform release and earlier versions with specific configuration changes applied to instances.
- ServiceNow confirmed successful unauthorized queries of customer instance tables occurred but has not disclosed the number of impacted customers.
ServiceNow started issuing notifications to customers about unauthorized activity in their environments. According to a customer-only bulletin, a security issue allowed unauthorized users “to gain greater access to ServiceNow instances than intended.”
To make matters worse, ServiceNow claims the company has observed “anomalous activity relating to the security issue.”
“For a subset of customers, we have observed evidence of successful queries of instance tables. We have notified customers if successful queries were observed via case,” reads the bulletin.
Meanwhile, the company confirmed to Cybernews that it applied a security update to hosted customers.
“The update concerned a security issue that could allow an unauthenticated user, in certain circumstances, to gain greater access to ServiceNow instances than intended,” a ServiceNow statement, shared with Cybernews, reads.
What caused the ServiceNow data breach?
While the company carefully avoids naming the core issue, it is clear that ServiceNow suffered a data breach, likely caused by a misconfigured endpoint.
Users on the ServiceNow-dedicated Reddit forum shared their insights about the data breach, noting that the most likely cause was the software maker pushing an update with the security setting turned off.
Users noted that ServiceNow remained vague about the security issue. The company’s bulletin notes that the issue “pertains to customers who are on the Australia platform release or made certain configuration changes to instances on releases prior to Australia,” in essence confirming what Redditors were saying.
Namely, the bug affected earlier versions of the company’s software (ServiceNow names its software releases alphabetically after cities/regions).
Interestingly, one user alleges the company may have been aware of the issue for months. Apparently, after a security team reached out to ServiceNow, the company’s support agents suggested closing the case and not worrying about it.
The same Reddit user continued, saying that after escalation, they were put on hold and later shown problem record tickets that revealed ServiceNow had been aware of the claims since early April.
“They showed us an internal PRB showing that ServiceNow has been aware of the vulnerability since April 7th and did not clarify it as a threat. They were targeting to fix it in Brazil before our report,” the Reddit user explained.
We asked ServiceNow to clarify whether these claims were true, but we have not received a response.
It is unclear how many customers were affected by the security incident at the time of writing. However, ServiceNow’s security bulletin said impacted customers were contacted by the company.
The company did not specify what type of data the unauthorized access may have exposed. However, given that ServiceNow works with multiple large corporations, details may range from IT infrastructure to employee details and everything in between.
At the same time, the company is still evaluating whether to publish a CVE for the issue.
Earlier this year, an AI security vulnerability called “BodySnatcher” affected ServiceNow’s Virtual Agent API and Now Assist AI Agents. According to the researcher who first discovered it, it could have enabled an attacker to impersonate privileged users and drive AI agent workflows to create backdoor access.
Meanwhile, in 2023, researchers discovered a ServiceNow flaw that may have allowed unauthorized access to its systems.
The California-headquartered ServiceNow is a major IT services provider, with yearly revenue exceeding $13 billion last year, and a staff of nearly 30,000.