A breach at data analytics firm Sisense has prompted CISA [1] [2] [3] [4] [5] [6] [7] and private industry partners to urge customers to reset credentials and investigate suspicious activity. Security researchers warn of unauthorized access to Sisense’s GitLab code repository and Amazon S3 buckets, raising concerns about third-party vendor security risks.

Description

CISA, in collaboration with private industry partners [2] [4] [6], is responding to a compromise at data analytics firm Sisense [3], urging customers to reset their credentials and investigate any suspicious activity related to potentially exposed credentials used to access Sisense services [4] [6]. Security researchers warn of widespread impacts [3], with threat actors gaining unauthorized access to Sisense’s GitLab code repository and Amazon S3 buckets in the cloud. This breach has raised concerns about the security of third-party vendors and the risks they pose to organizations and their customers.

Sisense’s Chief Information Security Officer, Sangram Dash [2], is leading an ongoing investigation, with a focus on identifying the extent of the breach and any potential impact on customers. Recent attacks targeting developers and Linux distributions have highlighted the increasing prevalence of supply chain risks.

Infosec professionals recommend that customers monitor for unusual activity and reset API keys as a precautionary measure. Mitigation measures include resetting keys [3], tokens [3], and credentials [1] [3] [4] [5], with potential data overlap still residing at Sisense [3]. Hyperproof has terminated its relationship with Sisense due to Sisense’s access to customers’ confidential data sources.

CISA has declined further comment on the breach, leaving many questions unanswered about the scope and implications of the incident. Sisense customers were alerted by CISA to reset credentials and secrets following a recent breach of Sisense’s AI-based data analytics services [7]. Concerns were raised about a potential supply chain attack [7], with attackers targeting integrated data sources such as Athena [7], Azure Synapse [7], Databricks [7], and others. The breach was first reported on April 10 [7], with little information available on the specifics [7]. Organizations are advised to rotate their credentials and secrets shared with Sisense to mitigate the potential impact of the breach [7].

Conclusion

The breach at Sisense highlights the importance of monitoring for unusual activity, resetting API keys [2], and rotating credentials to mitigate supply chain risks. Organizations must remain vigilant in safeguarding their data and collaborating with trusted partners to enhance cybersecurity measures.

References

[1] https://www.infosecurity-magazine.com/news/cisa-urges-reset-sisense-breach/
[2] https://www.techtarget.com/searchsecurity/news/366580595/CISA-discloses-Sisence-breach-customer-data-compromised
[3] https://www.cybersecuritydive.com/news/sisense-compromise-impact/713074/
[4] https://www.crn.com/news/security/2024/analytics-firm-sisense-hit-with-data-breach-cisa
[5] https://www.darkreading.com/threat-intelligence/sisense-breach-triggers-cisa-password-reset-advisory
[6] https://heimdalsecurity.com/blog/cisa-urges-sisense-customers-to-reset-credentials/
[7] https://www.scmagazine.com/news/sisense-customers-told-to-reset-credentials-amid-supply-chain-attack-fears