Access to AstraZeneca Databases Was in the Public Domain

AstraZeneca in the public domain
Written by Emma Davis

Due to human error, confidential customer data of the international pharmaceutical company AstraZeneca was in the public domain.

Mossab Hussain, director of security at SpiderSilk, said that in 2021, the developer left the credentials for the AstraZeneca internal server on GitHub. These credentials allowed access to the Salesforce test cloud environment that businesses often use to manage their customers, but the test environment contained some patient data.

Let me remind you that we also wrote that Russian hackers tried to steal COVID-19 research data, as well as that Many Repositories on GitHub Are Cloned and Distribute Malware.

The disclosures relate to the AZ&ME program, which provides discounts to patients who need drugs. TechCrunch reported the situation to AstraZeneca, and a few hours later the GitHub repository containing the credentials became unavailable.

The protection of personal data is extremely important to us and we strive for the highest standards and compliance with all applicable rules and laws. Due to an [sic] user error, some data records were temporarily available on a developer platform. We stopped access to this data immediately after we have been [sic] informed. We are investigating the root cause as well as assessing our regulatory obligations.AstraZeneca spokesman Patrick Barth told TechCrunch.

Barth declined to elaborate on why patient data was stored in the test environment and whether AstraZeneca has logs to determine if anyone had access to the data and what data was deleted.

Mossab Hussein

Mossab Hussein

This isn’t the first time we’ve come across leaked credentials put on Github by engineers due to human error, and it just keeps happening across the board. The risk in these accidental leaks is that they occur randomly, and the exploitation path is often straightforward (i.e., making threat actors’ jobs easier).said Mossab Hussein of SpiderSilk.

AstraZeneca is a British-Swedish pharmaceutical company registered in the UK. In the 2021 Forbes Global 2000 list of the largest public companies in the world, AstraZeneca was ranked 161st (343rd by revenue, 200th by net income, 545th by assets and 98th by market capitalization). As of March 2022, the company’s capitalization amounted to £145 billion. It is included in the list of the largest pharmaceutical companies in the world (13th place).

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.