Mossab Hussain is head of security for IT startup SpiderSilk. It found data from a test cloud environment that Salesforce often uses for businesses to manage customer data. The testing environment included information about some AstraZeneca patients, particularly AZ&ME apps that offer discounts to patients in need of medication.

What is known about the leak

This isn’t the first time we’ve seen a credential leak over GitHub that ended due to human error. It happens everywhere. The danger of such random leaks is that they happen randomly and the exploitation path is usually very simple (i.e. it makes it easier for attackers),
– said Hussain in an interview with TechCrunch.

TechCrunch reporters reported the forgotten credentials on GitHub to AstraZeneca, and within a few hours the repository was rendered unusable. A representative of AstraZeneca told the publication: “The protection of personal data is of the utmost importance to us and we are committed to complying with the highest standards and all applicable laws and regulations. Due to user error, some data was temporarily available on the developer platform. We have terminated access to this data immediately after being informed. We are currently investigating the root cause and regulatory We are assessing our obligations.”.

However, a company representative declined to say why patient data was stored in the test environment and whether AstraZeneca had technical tools (such as logs) to help determine if anyone had access to it and what data, if any, was stolen. Happened.