Palo Alto Networks Bug Exposed Customer Support Ticket Information

A cybersecurity expert said that fortunately the exposed data is not easily usable.

Human error is behind a bug that would have exposed thousands of Palo Alto Networks customer support tickets to an unauthorized person.

According to BleepingComputer, the exposed information included the names and business contact details of the people creating support tickets. It also included conversations between Palo Alto Networks staff members and customers.

Some support tickets contained attachments. These include firewall logs, configuration dumps, and other debugging assets shared with Palo Alto Networks personnel by customers.

A Palo Alto Networks customer who discovered the leak told BleepingComputer that he could see nearly 1,990 support cases that didn’t belong to him or his organization.

Palo Alto Networks sent us the following statement:

“The safety of our customers is our top priority,” the company said. “Due to human error by Palo Alto Networks, a single user at one of our customers was inadvertently granted permission to access a support system, potentially allowing access to a limited number of support cases for a small subset of customers within a single cloud instance.”

Palo Alto Networks says it has corrected the authorization.

“We will notify customers if necessary,” the company said.

Palo Alto Networks remains confident that its products and services are secure.

The Palo Alto Networks Problem Isn’t Unique

Mohit Tiwari is co-founder and CEO of cloud security provider Symmetry Systems.

“Palo Alto Networks’ problem is not unique,” he said. “Most web applications have tens of millions of lines of code, most of which come from the framework and libraries used to build the application. It is impossible to make such a large application bug-free. And the Palo Alto Networks app probably had an error that allowed a user to read other people’s data. What really matters is that customer data must have safety belts even if the applications or identities using the data are compromised.”

Companies need to anchor their security program with visibility into their “crown jewels,” Tiwari said. They can then use that visibility to detect when a compromised user or app is misbehaving, he said.

John Bambenek is the main threat hunter at Netenrich. He said that if a malicious third party accessed the data, they could misuse it “based on the data included in the configuration dumps.”

“The data, fortunately, is not easily usable,” he said. “But [it] could be useful for sophisticated actors who want to go slow and low in a victim environment. It looks like Palo Alto Networks took the time to investigate and come up with a reasonable response.”

Joseph P. Harris