Palo Alto Networks Bug Exposed Customer Support Ticket Information

One cybersecurity expert said luckily the exposed data isn't easily usable.

Edward Gately, Senior News Editor

April 1, 2022


Human error is behind a bug that reportedly exposed thousands of Palo Alto Networks customer support tickets to an unauthorized individual.

According to BleepingComputer, the exposed information included the names and business contact information of the people who created the support tickets. It also included conversations between Palo Alto Networks staff members and those customers.

Some support tickets contained attachments. Those include firewall logs, configuration dumps and other debugging assets shared with Palo Alto Networks’ staff by customers.

A Palo Alto Networks customer who discovered the leak told BleepingComputer that they could see nearly 1,990 support cases that did not belong to them or their organization.

Palo Alto Networks sent us the following statement:

“The security of our customers is our top priority,” it said. “Due to a Palo Alto Networks human error, a single user at one of our customers was inadvertently granted user permission to a support system, potentially allowing access to a limited number of support cases for a small subset of customers within a single cloud instance.”

Palo Alto Networks says it has corrected the permission.

“We will notify customers as necessary,” it said.

Palo Alto Networks remains confident that its products and services are secure.

Palo Alto Networks Problem Not Unique

Mohit Tiwari is co-founder and CEO of cloud security provider Symmetry Systems.

“Palo Alto Networks’ problem is not unique,” he said. “Most web applications have tens of millions of lines of code, most of it from the framework and libraries used to build the application. Making such a large application bug-free is impossible. And Palo Alto Networks’ application likely had an error that allowed a user to read others’ data. What really matters is that customer data should have seatbelts even if applications or identities that use the data are compromised.”

Companies must root their security program in visibility into their “crown jewels,” Tiwari said. They can then use that visibility to detect when a compromised user or application misbehaves, he said.

John Bambenek is principal threat hunter at Netenrich. He said if a malicious third party accessed the data, they could misuse it “depending on what data was included in configuration dumps.”

“The data, luckily, is not easily usable,” he said. “But [it] could be useful for sophisticated actors who want to go slow and low in a victim environment. It does look like Palo Alto Networks took the time to investigate and have a reasonable response.”

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
