Cloud technology giant ServiceNow has warned some of its enterprise customers that a software bug on its platform allowed any internet user to access their data. In a statement, the company said that security researchers were behind this breach, not malicious actors.

The issue relates to customer instances running Australia releases, although several people on Reddit claim to have found evidence of external access to ServiceNow instances running other versions of its software. A specific IP address, 51.159.98.241, is being flagged as a potential indicator of data access.

ServiceNow stated that the bug was patched and clarified that no customer data had been used or retained by the security researchers who reported it. However, the incident raises questions about whether customers could have protected themselves from improper access prior to the patch.

Given ServiceNow’s role in automating internal business processes for thousands of enterprise clients, this bug highlights the potential risks associated with storing sensitive data in cloud platforms. As companies increasingly rely on such systems to handle critical tasks, security incidents like these become more than just technical issues—they represent serious threats to privacy and corporate integrity.