Summary

  • Security researchers discovered credentials for one of AstraZeneca’s internal servers on the code sharing platform, GitHub, which enabled them to access the company’s Salesforce Cloud.
  • The Salesforce environment contained sensitive patient data. If it had been stolen or exposed, this would’ve resulted in a HIPAA violation.
  • The incident reinforces the risk that a credentials leak in a singular SaaS application can trigger a domino effect of data breaches in several more.
  • To prevent this from happening, organizations must take a unified, holistic approach to SaaS security, making use of consistent security policies and tools for every SaaS app they use.

This week, the pharmaceutical giant, AstraZeneca, hit the headlines after security researchers discovered credentials for one of the company’s internal servers on the code sharing platform, GitHub.

While this is a relatively small-scale breach, there are a lot of lessons here about the risks of data exfiltration across SaaS environments. Here’s everything you need to know. 

What happened in the AstraZeneca data leak?

It appears that, back in 2021, an AstraZeneca employee accidentally left their Salesforce Cloud login credentials exposed in a public GitHub repository used by the company. 

Fast forward to 2022, and security researchers found the GitHub repository while doing some digging. With these credentials, they managed to log in to one of AstraZeneca’s test Salesforce cloud environments. Organizations often use such environments to manage customer relationships, or, in this case, patient relationships. 

You see, the security researchers stumbled across some sensitive patient data within the Salesforce cloud environment—the kind that, if stolen or exposed, would result in an immediate HIPAA violation. 

In this instance, TechCrunch quickly reported the data exposure to AstraZeneca, and the GitHub repository was made private within hours.

At the same time, though, we don’t know if anyone else, such as a malicious entity, might have discovered the GitHub repository in the last 18 months. If they did, chances are they wouldn’t have been so kind as to report it! 

Could the same happen in my organization?

In its article about the incident, TechCrunch noted that breaches like this are increasingly a problem—and we are inclined to agree. The more SaaS apps an organization uses, the broader its attack surface. Attackers need to find only one data leak in one SaaS app to exploit your infrastructure. 

Nothing illustrates this better than the recent Uber breach, where hackers managed to use one password to gain entry to Uber’s entire infrastructure. 

How to prevent SaaS data leakage and the domino effect 

The AstraZeneca incident reinforces the risk that a credentials leak in a singular SaaS application can trigger a domino effect of data breaches in several more. To prevent this from happening, organizations must take a unified, holistic approach to SaaS security, making use of consistent security policies and tools for every SaaS app they use. 

So, if you don’t allow employees to store their credentials in Google Workspace, then they shouldn’t be able to store their passwords in GitHub either. 

Of course, creating policies is one thing; getting people to actually follow them is another. While employee training is undeniably important, you also need a tool that enforces your policies when an employee does make a mistake—like leaving their credentials exposed in GitHub! 

This is where SaaS data loss prevention solutions like Polymer DLP come in. Our DLP tool delivers 24/7 security and compliance across your SaaS applications, discovering and remediating potential data leaks before they’re discovered by unauthorized users. 

Using the power of automation, Polymer DLP scans your SaaS apps for evidence of sensitive data, such as credentials, protected health information, financial data and more. From there, the tool uses pre-built policy templates to decide the best course of action for the data it discovers, be it redaction, encryption or alerting your administrators.

The tool also works in real time. So, if a user tries to share sensitive information, unstructured or structured, with an unauthorized recipient, Polymer DLP will block the action, keeping your data safe. 
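To make the detect-then-act pattern described above concrete, here is a small added example written for this post; it is illustrative code, not Polymer's product, its detectors or its policy templates. It assumes three hypothetical detectors (a credential assignment, an SSN-shaped number and an MRN tag), a constructed policy table that maps each category to an action (redact or alert), a constructed sample file resembling a settings file that was committed by mistake, and a real-time share check that blocks when sensitive findings would go to a recipient whose domain is not on an allowlist. Real DLP engines use far richer classifiers, but the shape is the same: scan, classify, look up the policy, act.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Hypothetical detectors: data category -> regex. Constructed for this example.
# The credential pattern captures only the assigned value in group 2, so that
# redaction masks the secret and leaves the variable name readable.
DETECTORS = {
    "credential": re.compile(
        r"(?i)(password|passwd|api[_-]?key|secret|token)\s*[:=]\s*['\"]?([^'\"\s]{6,})"
    ),
    "phi_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phi_mrn": re.compile(r"(?i)\bMRN[:#]?\s*\d{6,10}\b"),
}

# Constructed policy template: which action to take per category.
POLICY = {
    "credential": "redact",
    "phi_ssn": "redact",
    "phi_mrn": "alert",
}


@dataclass
class Finding:
    category: str
    action: str
    line_no: int
    excerpt: str  # the exact substring the policy acts on


def scan_text(text: str) -> list[Finding]:
    """Run every detector over every line and return the findings in order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pattern in DETECTORS.items():
            for m in pattern.finditer(line):
                # Use the last capture group (the secret value) when the
                # pattern has one, otherwise the whole match.
                excerpt = m.group(m.lastindex) if m.lastindex else m.group(0)
                findings.append(Finding(category, POLICY[category], line_no, excerpt))
    return findings


def apply_policy(text: str) -> tuple[str, list[Finding]]:
    """Return the text with all 'redact' findings masked, plus every finding.

    'alert' findings are left in place; a real tool would notify an admin.
    """
    findings = scan_text(text)
    lines = text.splitlines()
    for f in findings:
        if f.action == "redact":
            lines[f.line_no - 1] = lines[f.line_no - 1].replace(f.excerpt, "[REDACTED]")
    return "\n".join(lines), findings


def check_share(text: str, recipient: str, allowed_domains: set[str]) -> str:
    """Real-time share check: block when the text carries sensitive findings
    and the recipient's domain is not on the allowlist."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if scan_text(text) and domain not in allowed_domains:
        return "block"
    return "allow"


# Constructed sample: what a mistakenly committed settings file might look like.
SAMPLE_CONFIG = """\
# constructed sample file, resembles a committed settings file
SF_USER = "integration@example.com"
SF_PASSWORD = "Tr0ub4dor&3-sample"
export API_KEY=abcdef0123456789
patient note: MRN 00123456 SSN 123-45-6789
"""

if __name__ == "__main__":
    redacted, found = apply_policy(SAMPLE_CONFIG)
    for f in found:
        print(f"line {f.line_no}: {f.category} -> {f.action}")
    print(redacted)
    print(check_share(SAMPLE_CONFIG, "partner@example.org", {"example.com"}))
```

Running the block lists four findings (two credentials, one SSN, one MRN), prints the file with the two secrets and the SSN masked while the MRN line is only flagged, and reports that sharing the original file with an external recipient is blocked.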

Find out more about how Polymer DLP can help you today. Request a demo.

Polymer is a no-code data loss prevention (DLP) platform that allows companies to monitor, auto-remediate, and apply behavioral techniques to reduce the risk of insider threats, sensitive data misuse, and leakage over third-party SaaS apps. Try Polymer for free.
