Yesterday, TechCrunch broke a story about pharmaceutical giant AstraZeneca, which experienced a leak affecting sensitive patient data. We think this incident is worth reviewing to learn more about how data exfiltration risk is distributed across the entirety of an organization’s SaaS infrastructure.
AstraZeneca left credentials to an internal server on GitHub in early 2021, with the credentials granting access to a test Salesforce Cloud environment containing some patient data. The GitHub repository appears to have been public: hours after TechCrunch reported the exposure to AstraZeneca, the repo was no longer accessible. It’s not clear who, if anyone, accessed this data, but doing so would have been trivial, and the company will likely have to treat this as a security incident.
Are incidents like this common?
For organizations in the cloud, exposure like this can be extremely problematic, as it effectively makes your entire SaaS stack a single attack surface. Consider, for example, September’s Uber breach, where the exposure of a single password granted the threat actor entry into all other systems. This is a rather extreme case, but like many of the other breaches we’ve covered before, it is illustrative of the risk posed by unintentional leakage of sensitive data.
What needs to be done to address this issue?
What this illustrates is that leakage in one cloud app effectively means leakage in all others, especially if an app is leaking credentials and secrets. Addressing this requires adopting and applying the same security policies across all of your cloud applications. For example, if engineers in your org shouldn’t store passwords in Slack, then hard-coding passwords within code in GitHub should also be prohibited.
In order to ensure employees are following these best practices across all applications, you’ll need a tool that can provide equal visibility within each application, while allowing you to take contextually relevant actions to remediate violations of best practices. This will enable continuous security and compliance and ensure that sensitive data leakage is not a common occurrence across your organization.
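As an added illustration (not code from this post or from any vendor), the sketch below applies one secret-detection policy to content from both Slack and GitHub and picks a remediation that fits where the data lives. The detector patterns, remediation text, sample messages and the `SF_PASSWORD` name are all constructed assumptions.

```python
import re

# One policy, defined once and applied to every app (assumed detector set).
DETECTORS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_password": re.compile(
        r"(?i)(?:password|passwd|pwd|secret|token)\w*\s*[:=]\s*[\"']?([^\s\"']{8,})"),
}
# Values that are references or placeholders rather than real secrets.
PLACEHOLDER = re.compile(r"(?i)^(?:\$\{.*\}|<.*>|os\.environ.*|changeme|x{4,}|\*{4,})$")

# Same rule everywhere; only the remediation differs by application.
REMEDIATION = {
    "slack": "redact message, notify sender",
    "github": "revoke and rotate credential, then remove from repository history",
}

def mask(value):
    """Keep the finding useful without copying the secret into the alert."""
    return value[:4] + "*" * (len(value) - 4)

def scan(items):
    """Run every detector over every item, whatever app it came from."""
    findings = []
    for item in items:
        for name, rx in DETECTORS.items():
            for m in rx.finditer(item["text"]):
                value = m.group(1) if m.groups() else m.group(0)
                if name == "hardcoded_password" and PLACEHOLDER.match(value):
                    continue  # environment lookup or placeholder, not a secret
                findings.append({
                    "source": item["source"], "where": item["where"],
                    "detector": name, "evidence": mask(value),
                    "action": REMEDIATION.get(item["source"], "escalate for manual review"),
                })
    return findings

# Constructed sample content; AKIAIOSFODNN7EXAMPLE is AWS's documented example key ID.
SAMPLES = [
    {"source": "slack", "where": "#eng-help", "text": "try password: Winter2021!x on the test box"},
    {"source": "github", "where": "config/test.py:3", "text": 'SF_PASSWORD = "Winter2021!x"'},
    {"source": "github", "where": "config/prod.py:3", "text": "password = os.environ['SF_PASSWORD']"},
    {"source": "github", "where": "deploy.sh:9", "text": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

The same password is flagged in both the Slack message and the committed file, while the line that reads the value from the environment is not, which is the behaviour a uniform policy should produce.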
This is what Nightfall does. At its core, Nightfall is an API-driven data protection application that integrates with the most popular cloud services using OAuth, meaning that you can get started in just minutes. Using Nightfall’s machine learning detectors, you can tell the platform what type of data you want to prevent from leaking in your cloud applications—including passwords and other secrets—and Nightfall’s machine learning detectors will find these items in images, files, messages, and more. Using Nightfall’s policy engine, you can automate remediation of violations. Redact messages in Slack containing sensitive data like SSNs or API keys, limit permissions of any Google Drive files containing business-critical information, and much more.
To learn more about Nightfall, schedule a meeting with us.