Palo Alto Networks exposes customer support cases and attachments
By MYBRANDBOOK
A bug in the support dashboard of Palo Alto Networks (PAN), a leading provider of cybersecurity and networking products and firewalls, exposed thousands of customer support tickets to an unauthorized individual.
The information included names and (business) contact information of the person creating support tickets, conversations between Palo Alto Networks staff members and the customer. The company said it has now fixed the issue.
A misconfiguration in the support system of Palo Alto Networks allowed sensitive information disclosure, letting a customer access private support tickets from other companies. A PAN customer discovered the issue this month and reported it to Palo Alto Networks staff.
Some of these support cases had file attachments such as firewall logs, configuration dumps, network security group (NSG) layouts, images of error messages, and similar internal files shared by customers with Palo Alto Networks for troubleshooting purposes.
Some other information exposed in the support tickets included contact name, title, email address and phone number of the customer creating the tickets, contents of conversations between PAN support staff and customers, PAN Product serial number and model and case numbers, subject line, and request severity.
PAN said that no data was downloaded and implies that the scope of the leak remained limited to just one customer. However, the bug fix took approximately eight days, after which the customer's access to the 1,900 unrelated tickets was revoked.
A Palo Alto Networks spokesperson said, “We were notified of an issue that allowed an authorized customer to view a small subset of support cases, which they typically would not be able to view. We immediately initiated an investigation and identified it was due to a permission misconfiguration error in a support system. Our analysis confirmed no data was downloaded or altered, and the issue was immediately remediated.”
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : NIKHIL RATHI
Co-founder & CEO of Web Werks, a global leader in Data Centers and Clo...
Icons Of India : NEERAJ MITTAL
He started his career as an IAS Officer in 1992. He has held various a...
Icons Of India : NATARAJAN CHANDRASEKARAN
Natarajan Chandrasekaran (Chandra) is the Chairman of Tata Sons, the h...
RailTel Corporation of India Limited
RailTel is a leading telecommunications infrastructure provider in Ind...
ECIL - Electronics Corporation of India Limited
ECIL is distinguished by its diverse technological capabilities and it...
EESL - Energy Efficiency Services Limited
EESL is uniquely positioned in India’s energy sector to address ener...
Indian Tech Talent Excelling The Tech World - Soni Jiandani, Co-Founder- Pensando Systems
Soni Jiandani, Co-Founder of Pensando Systems, is a tech visionary ren...
Indian Tech Talent Excelling The Tech World - AJAY BANGA, President - World Bank
Ajay Banga is an Indian-born American business executive who currently...
Indian Tech Talent Excelling The Tech World - RAVI KUMAR S, CEO- Cognizant
Ravi Kumar S, appointed as CEO of Cognizant in January 2023, sets the ...