AstraZeneca Password Breach Exposes Sensitive Patient Data

Laiba MohsinLast Updated: Nov 4, 2022
AstraZeneca

According to the latest reports, AstraZeneca has exposed patient data due to a password breach. The pharma giant blamed “user error” for leaving a list of credentials online for more than a year which resulted in the exposure of sensitive patient data.

AstraZeneca Password Breach Reveals Patient data

Mossab Hussein, the chief security officer at cybersecurity startup SpiderSilk recently told that a developer left the credentials for an AstraZeneca internal server on the code-sharing site GitHub in 2021. As a result, the credentials allowed access to a test Salesforce cloud environment, that is used by businesses to manage their customers. However, the test environment contained some patient data as well. Some of the data is related to AZ&ME applications, which offer discounts to patients who need medications. Details of the exposed credentials were provided to AstraZeneca and the GitHub repository. The credentials were inaccessible hours later.

AstraZeneca spokesperson Patrick Barth stated:

“The protection of personal data is extremely important to us and we strive for the highest standards and compliance with all applicable rules and laws. Due to an [sic] user error, some data records were temporarily available on a developer platform. We stopped access to this data immediately after we have been [sic] informed. We are investigating the root cause as well as assessing our regulatory obligations.”

Hussein further stated:

“This isn’t the first time we’ve come across leaked credentials put on Github by engineers due to human error, and it just keeps happening across the board. The risk in accidental leaks is they occur randomly, and the exploitation path is often straightforward (i.e. making threat actors’ jobs easier).”

Credentials, including usernames and passwords, are exposed or published to sites like GitHub and are an increasingly common discovery for security researchers like SpiderSilk’s Hussein. Hussein discovered credentials belonging to Microsoft employees in August that were posted inadvertently to GitHub, which Microsoft owns.

Also Read: Date of HBO Max & Discovery Plus Merger Moves Up – (phoneworld.com.pk)

PTA Taxes Portal

Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal

Explore NowFollow us on Google News!
Laiba MohsinLast Updated: Nov 4, 2022
Photo of Laiba Mohsin

Laiba Mohsin

Laiba is an Electrical Engineer seeking a placement to gain hands-on experience in relevant areas of telecommunications. She likes to write about tech and gadgets. She loves shopping, traveling and exploring things.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Get Alerts!

PhoneWorld Logo

Join the groups below to get the latest updates!

💼PTA Tax Updates
💬WhatsApp Channel

>