- Jun 7, 2022
- 149
Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data.
Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left the credentials for an AstraZeneca internal server on code sharing site GitHub in 2021. The credentials allowed access to a test Salesforce cloud environment, often used by businesses to manage their customers, but the test environment contained some patient data, Hussein said.
AstraZeneca password lapse exposed patient data
Internal passwords were online for more than a year before a good-faith security researcher found them.
techcrunch.com