CISA calls for immediate reset of credentials after Sisense breach


The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed a breach affecting business analytics provider Sisense and urged its customers to guard their credentials.

On April 11, 2024, CISA published an opinion regarding potentially compromised Sisense customer data.

The agency is “currently working with private sector partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services.”

Sisense has not publicly confirmed or fixed the breach as of this writing.

However, cybersecurity journalist Brian Krebs said on his website that the company sent an email to its customers confirming that it had been informed that “certain Sisense company information may have been made available on what we have been informed is a restricted server.”

The author of the email, Sangram Dash, CISO of Sisense, added: “We take this matter seriously and quickly opened an investigation. » Dash continued: “We have hired leading experts to assist us in the investigation. This matter did not result in an interruption of our commercial activities.

Curbs also reported that sources with knowledge of the breach said it appears to have started when the attackers accessed the company’s Gitlab code repository. In this repository, a token or identifier allowed bad guys to access Sisense’s Amazon S3 buckets in the cloud.

CISA: Reset Credentials and Investigate

Although very little information has been fully confirmed about the breach, in its advisory, CISA urged Sisense customers to:

  • Reset all credentials and secrets potentially exposed or used to access Sisense services
  • Investigate any suspicious activity involving credentials potentially exposed or used to access Sisense Services.
  • Report any relevant findings to CISA

“We will provide updates as more information becomes available,” the agency added.

“CISA’s alert urging Sisense customers to change their credentials and report any suspicious activity coming from their information, while concerning to both Sisense and their users, is not shocking. Using a third party with access to your data always presents a risk to an organization.

Talk with Information securityDan Schiappa, director of product at Arctic Wolf, is not surprised by such a breach.

“More and more advanced cybercriminal groups are exploiting attacks like this against vendors because they see it as an opportunity to move into much larger businesses. These attackers know that if even one part of an organization’s supply chain is not secure, they can exploit this vulnerability to gain access to a wealth of private information, which could be harmful. only to this company but also to all its customers and partners. .”

Sisense is a New York-based company founded in 2004. It offers a business intelligence software platform where users can simultaneously view all their third parties and analyze associated business data.

Sisense customers come from various industry sectors, including banking and finance, telecommunications, education and healthcare.

Leave a comment