Cloud software giant ServiceNow has notified some customers that a software flaw exposed portions of their data to the internet, raising fresh concerns about cybersecurity risks facing major enterprise technology providers. According to TechCrunch, the issue allowed unauthorized users to gain access to certain customer data without requiring credentials.
The company said it deployed a security update on June 5 after identifying a vulnerability that could allow an unauthenticated user to gain greater access to customer instances than intended. ServiceNow hosts workflow, IT management, human resources, and customer-service systems for thousands of organizations worldwide, making it a significant repository of sensitive corporate information.
READ: OpenAI raises $122 billion in record funding round, IPO plans expected (April 1, 2026)
According to reports citing a customer advisory, the flaw involved an API endpoint that lacked proper authentication controls. Security researchers and cybersecurity analysts said the vulnerability could have allowed attackers to query information stored in affected customer environments, potentially including internal documentation, support tickets, employee records, workflow data, and configuration details.
ServiceNow has not publicly disclosed how many customers were affected, what specific data may have been accessed, or whether any information was ultimately stolen. The company has reportedly contacted impacted customers directly and advised organizations to review logs for suspicious activity.
The incident comes at a time when enterprise software vendors are facing increased scrutiny over cloud security practices. As organizations centralize critical business operations on software platforms, vulnerabilities affecting a single provider can have ripple effects across multiple industries.
For businesses, including technology firms, healthcare providers, financial institutions, and multinational corporations, ServiceNow often serves as a central hub for operational workflows. As a result, even limited unauthorized access can create concerns about sensitive corporate information becoming exposed.
Cybersecurity researchers said the issue highlights the importance of securing application programming interfaces, or APIs, which increasingly act as gateways between enterprise systems and cloud-based services. Several reports indicate evidence of exploitation occurred before the company issued its patch, though the scope of the activity remains unclear.
READ: American Airlines rejects merger with United, more than 4% stocks fall off (April 20, 2026)
The disclosure also arrives as software companies race to integrate artificial intelligence into enterprise platforms, placing additional focus on the security of cloud infrastructure and customer data. Investors appeared concerned by the news, with ServiceNow shares coming under pressure following reports of the incident.
ServiceNow has not released a full public accounting of the event, and investigations remain ongoing. The company said it has addressed the vulnerability and continues to work with affected customers to assess any potential impact