AstraZeneca Password Breach Reveals Patient data
Mossab Hussein, the chief security officer at cybersecurity startup SpiderSilk recently told that a developer left the credentials for an AstraZeneca internal server on the code-sharing site GitHub in 2021. As a result, the credentials allowed access to a test Salesforce cloud environment, that is used by businesses to manage their customers. However, the test environment contained some patient data as well. Some of the data is related to AZ&ME applications, which offer discounts to patients who need medications. Details of the exposed credentials were provided to AstraZeneca and the GitHub repository. The credentials were inaccessible hours later. AstraZeneca spokesperson Patrick Barth stated: Hussein further stated: Credentials, including usernames and passwords, are exposed or published to sites like GitHub and are an increasingly common discovery for security researchers like SpiderSilk’s Hussein. Hussein discovered credentials belonging to Microsoft employees in August that were posted inadvertently to GitHub, which Microsoft owns. Also Read: Date of HBO Max & Discovery Plus Merger Moves Up – (phoneworld.com.pk)
