Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data.
Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left the credentials for an AstraZeneca internal server on code sharing site GitHub in 2021. The credentials allowed access to a test Salesforce cloud environment, often used by businesses to manage their customers, but the test environment contained some patient data, Hussein said.
Some of the data related to AZ&ME applications, which offers discounts to patients who need medications.
TechCrunch provided details of the exposed credentials to AstraZeneca, and the GitHub repository containing the credentials was inaccessible hours later.
