CISA Urges Immediate Credential Reset After Sisense Breach

The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a breach affecting business analytics provider Sisense and urged its customers to reset their credentials.

On April 11, 2024, CISA issued an advisory regarding Sisense customer data being potentially compromised.

The agency is "currently collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services."

Sisense has not publicly confirmed or addressed the breach at the time of writing.

However, cybersecurity reporter Brian Krebs said on his website that the company sent an email to its customers confirming that it was made aware that “certain Sisense company information may have been made available on what we have been advised is a restricted access server.”

The email's author, Sisense’s CISO Sangram Dash, added, “We are taking this matter seriously and promptly commenced an investigation.” Dash continued, “We engaged industry-leading experts to assist us with the investigation. This matter has not resulted in an interruption to our business operations.”

Krebs has also reported that sources with knowledge of the breach have said it appears to have started when the attackers gained access to the company’s GitLab code repository. In that repository, a token or credential gave the bad guys access to Sisense’s Amazon S3 buckets in the cloud.

CISA: Reset Credentials and Investigate

Although very little information has been fully confirmed about the breach, in its advisory, CISA urged Sisense customers to:

  • Reset all credentials and secrets potentially exposed to or used to access Sisense services
  • Investigate any suspicious activity involving credentials potentially exposed to or used to access Sisense services
  • Report any relevant findings to CISA

“We will provide updates as more information becomes available,” added the agency.

“CISA’s alert urging Sisense customers to change their credentials and to report any suspicious activity stemming from their information, while concerning for both Sisense and their users, isn't shocking. Using a third party with access to your data always introduces risk to an organization.

Speaking with Infosecurity, Dan Schiappa, chief product officer at Arctic Wolf, is not surprised by such a breach.

“More and more, we see advanced threat groups leveraging attacks like this on vendors because they recognize it as an opportunity to leapfrog into much larger companies. These attackers know that if even one element of an organization's supply chain is insecure, they can exploit that vulnerability to gain access to a wealth of private information – which could be detrimental to not just that company but to all of its customers and partners as well.”

Sisense is a New York-based company founded in 2004. It offers a business intelligence software platform where users can visualize all their third parties simultaneously – and analyze associated business data.

Sisense customers come from various industry verticals, including banking and finance, telecommunications, education and healthcare.
