Palo Alto Networks exposes customer support cases and attachments
By MYBRANDBOOK
A bug in the support dashboard of Palo Alto Networks (PAN), a leading provider of cybersecurity and networking products and firewalls, exposed thousands of customer support tickets to an unauthorized individual.
The information included names and (business) contact information of the person creating support tickets, conversations between Palo Alto Networks staff members and the customer. The company said it has now fixed the issue.
A misconfiguration in the support system of Palo Alto Networks allowed sensitive information disclosure, letting a customer access private support tickets from other companies. A PAN customer discovered the issue this month and reported it to Palo Alto Networks staff.
Some of these support cases had file attachments such as firewall logs, configuration dumps, network security group (NSG) layouts, images of error messages, and similar internal files shared by customers with Palo Alto Networks for troubleshooting purposes.
Some other information exposed in the support tickets included contact name, title, email address and phone number of the customer creating the tickets, contents of conversations between PAN support staff and customers, PAN Product serial number and model and case numbers, subject line, and request severity.
PAN said that no data was downloaded and implies that the scope of the leak remained limited to just one customer. However, the bug fix took approximately eight days, after which the customer's access to the 1,900 unrelated tickets was revoked.
A Palo Alto Networks spokesperson said, “We were notified of an issue that allowed an authorized customer to view a small subset of support cases, which they typically would not be able to view. We immediately initiated an investigation and identified it was due to a permission misconfiguration error in a support system. Our analysis confirmed no data was downloaded or altered, and the issue was immediately remediated.”
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
Pinterest tracks users without consent, alleges complaint
A recent complaint alleges that Pinterest, the popular image-sharing platf...
RELIANCE JIO INFOCOMM LTD.
TEJAS NETWORKS INDIA PVT. LTD.
AMARA RAJA POWER SYSTEMS LTD.
INFOSYS TECHNOLOGIES PVT. LTD.
ICONS OF INDIA : RITESH AGARWAL
Ritesh Agarwal is an Indian billionaire entrepreneur and the founder a...
ICONS OF INDIA : RAJESH NAMBIAR
Rajesh leads the company’s India associates and enhances relationshi...
Icons Of India : NEERAJ MITTAL
He started his career as an IAS Officer in 1992. He has held various a...
ECIL - Electronics Corporation of India Limited
ECIL is distinguished by its diverse technological capabilities and it...
PFC - Power Finance Corporation Ltd
PFC is a leading financial institution in India specializing in power ...
ITI - ITI Limited
ITI Limited is a leading provider of telecommunications equipment, sol...
Indian Tech Talent Excelling The Tech World - Lal Karsanbhai, President & CEO, Emerson
Lal Karsanbhai, President and CEO of Emerson, assumed the leadership i...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...
Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy
Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...