AstraZeneca password lapse exposed patient data

Here’s today’s example of “No Need to Hack When It’s Leaking.”  Zack Whittaker reports:

Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data.

Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left the credentials for an AstraZeneca internal server on code sharing site GitHub in 2021. The credentials allowed access to a test Salesforce cloud environment, often used by businesses to manage their customers, but the test environment contained some patient data, Hussein said.

Read more at TechCrunch.

 

About the author: Dissent

Comments are closed.