Webinar: Join us, Tues 5/24. Nightfall & Hanzo experts will discuss how machine learning can enhance data governance, data security, and the efficiency of legal investigations. Register now ⟶

Blog 2 min read

Recent AstraZeneca Breach Illustrates Risk of Credential Leakage Across Cloud Apps

by Michael Osakwe Published Nov 04, 2022

Yesterday, TechCrunch broke a story about pharmaceutical giant AstraZeneca, which experienced a leak affecting sensitive patient data. We think this incident is worth reviewing to learn more about how data exfiltration risk is distributed across the entirety of an organization’s SaaS infrastructure.

What happened?

AstraZeneca left credentials to an internal server on GitHub in early 2021, with the credentials granting access to a test Salesforce Cloud environment containing some patient data. The GitHub repository appears to have been public, as once TechCrunch reported the exposure to AstraZeneca, the repo was no longer accessible hours later. It’s not clear who, if anyone, accessed this data, but doing so will have been trivial and the company will likely have to treat this as a security incident.

Are incidents like this common?

For organizations in the cloud, this can be extremely problematic, as this effectively makes your entire SaaS stack one singular attack surface. Consider, for example, September’s Uber breach, where the exposure of a single password granted the threat actor entry into all other systems. This is a rather extreme case, but like many of the other breaches we’ve covered before, illustrative of the risk posed by unintentional leakage of sensitive data.

What needs to be done to address this issue?

What this illustrates is that leakage in one cloud app, effectively means leakage in all others, especially if an app is leaking credentials and secrets. Addressing this requires adopting and applying the same security policies across all of your cloud applications. For example, if engineers in your org shouldn’t store passwords in Slack, then hard coding passwords within code in GitHub should also be prohibited.

In order to ensure employees are following these best practices across all applications, you’ll need a tool that can provide equal visibility within each application, while allowing you to take contextually relevant actions to remediate violations of best practices. This will enable continuous security and compliance and ensure that sensitive data leakage is not a common occurrence across your organization.

This is what Nightfall does. At its core, Nightfall is an API-driven data protection application that integrates with the most popular cloud services using OAuth, meaning that you can get started in just minutes. Using Nightfall’s machine learning detectors, you can tell the platform what type of data you want to prevent from leaking in your cloud applications—including passwords and other secrets—and Nightfall’s machine learning detectors will find these items in images, files, messages, and more. Using Nightfall’s policy engine, you can automate remediation of violations. Redact messages in Slack containing sensitive data like SSNs or API keys, limit permissions of any Google Drive files containing business-critical information, and much more.

To learn more about Nightfall, schedule a meeting with us through the calendar below.

Subscribe to our newsletter

Receive our latest content and updates

Nightfall logo icon

About Nightfall

Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform. You can schedule a demo with us below to see the Nightfall platform in action.

 

Schedule a Demo

Select a time that works for you below for 30 minutes. Once confirmed, you’ll receive a calendar invite with a Zoom link. If you don’t see a suitable time, please reach out to us via email at sales@nightfall.ai.

call to action

See Nightfall in action.

Schedule a demo