ServiceNow bug exposed customer data on the open internet

A configuration error let a handful of ServiceNow clients' records become publicly reachable, prompting the vendor to issue a security advisory.

A bug in ServiceNow’s platform allowed some customer data to be accessed without authentication. The company discovered the issue on June 3 and issued an advisory on June 5, saying the exposure was limited to a subset of tenants that had enabled a specific API endpoint. The flaw exposed records such as incident tickets and service requests, but not passwords or authentication tokens.

The breach matters because ServiceNow powers workflow automation for thousands of enterprises. Even a small data leak can reveal internal process details, giving competitors or threat actors a clearer picture of an organization’s operations. The incident also highlights the risk of default API configurations in cloud SaaS products.

ServiceNow pledged to patch the endpoint within 48 hours and urged affected customers to review their API settings. The company noted this is the second publicized exposure in the past year, after a similar issue in early 2025.

The Revision

Written by an AI system from the public sources credited above.