Palo Alto Networks exposes customer support cases and attachments
By MYBRANDBOOK
A bug in the support dashboard of Palo Alto Networks (PAN), a leading provider of cybersecurity and networking products and firewalls, exposed thousands of customer support tickets to an unauthorized individual.
The information included names and (business) contact information of the person creating support tickets, conversations between Palo Alto Networks staff members and the customer. The company said it has now fixed the issue.
A misconfiguration in the support system of Palo Alto Networks allowed sensitive information disclosure, letting a customer access private support tickets from other companies. A PAN customer discovered the issue this month and reported it to Palo Alto Networks staff.
Some of these support cases had file attachments such as firewall logs, configuration dumps, network security group (NSG) layouts, images of error messages, and similar internal files shared by customers with Palo Alto Networks for troubleshooting purposes.
Some other information exposed in the support tickets included contact name, title, email address and phone number of the customer creating the tickets, contents of conversations between PAN support staff and customers, PAN Product serial number and model and case numbers, subject line, and request severity.
PAN said that no data was downloaded and implies that the scope of the leak remained limited to just one customer. However, the bug fix took approximately eight days, after which the customer's access to the 1,900 unrelated tickets was revoked.
A Palo Alto Networks spokesperson said, “We were notified of an issue that allowed an authorized customer to view a small subset of support cases, which they typically would not be able to view. We immediately initiated an investigation and identified it was due to a permission misconfiguration error in a support system. Our analysis confirmed no data was downloaded or altered, and the issue was immediately remediated.”
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
SAP launches cloud services to help Indian scaleups innovate m
SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...
Denodo and Sonata form alliance to unlock data-to-value creati
Denodo and Sonata Information Technology India Limited (SITL) have annou...
Google Play Store will now let users download two apps simulta
Google Play Store now lets users download two apps simultaneously. While a...
ATRIE TECHNOLOGY PVT. LTD.
TALLY SOLUTIONS PVT. LTD.
POLYCAB INDIA PVT. LTD.
NETWEB TECHNOLOGIES INDIA LTD.
Technology Icons Of India 2023: Roshni Nadar Malhotra
Roshni Nadar Malhotra is an Indian billionaire businesswoman and the c...
Technology Icons Of India 2023: Bhavish Aggarwal
Ola CEO Bhavish Aggarwal had formed Ola-India’s largest mobility pla...
Technology Icons Of India 2023: Anil Kumar Aggarwal
Anil Agarwal is an Indian billionaire businessman who is the founder a...
New defence PSUs will help India become self-reliant
MIL, India’s biggest manufacturer and market leader is engaged in Pr...
INDIANOIL helps reach precious petroleum fuels to every nook and corner of the country
IndianOil, a diversified, integrated energy major with presence in alm...
TCIL continues to strengthen India with its technology expertise
TCIL undertakes consultancy & turnkey projects in the field of Telecom...
ADITYA INFOTECH LTD.
Aditya Infotech Ltd. (AIL) – the technology arm of Aditya Group, is ...
FORTUNE MARKETING PVT. LTD.
Delhi based Fortune Marketing, An ISO 9001:2008 company, distributes ...
R P TECH INDIA
R P Tech is recognized for its diverse products portfolio, value-add...