Sisense Data Breach Exposes Millions of Customer Credentials

The Cybersecurity and Infrastructure Agency (CISA) issued an advisory following a recent data breach at Sisense, a data analytics firm. Hackers gained access to customer data, including access tokens, email account passwords, and SSH certificates, and the breach potentially affects numerous enterprises that use Sisense to manage third-party online services. CISA urges businesses to reset credentials and investigate suspicious activity, while concerned customers have expressed concerns about the limited information provided by Sisense.

Major Data Breach at Sisense Exposes Millions of Customer Credentials

Washington, D.C. - April 12, 2023 - The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on April 11 following a significant data breach at data analytics firm Sisense. The breach reportedly compromised millions of customer credentials and certificates, raising concerns about the potential impact on businesses worldwide.

Breach Details

According to Sisense's Chief Information Security Officer (CISO), Sangram Dash, threat actors gained unauthorized access to customer data via a security incident. The company acknowledged that "certain company information may have been made available on a restricted access server (not generally available on the internet)."

Investigators have determined that threat actors compromised Sisense's self-hosted Gitlab code repository, exploiting a credential or token to access the company's Amazon S3 buckets in the cloud. The breach resulted in the exfiltration of terabytes of customer data, including:

• Millions of access tokens
• Email account passwords
• SSH certificates

Potential Impact

Sisense provides data analytics tools for various enterprises, allowing them to integrate multiple third-party services, such as Salesforce, GitHub, Box, and BigQuery. The breach has the potential for widespread consequences due to the company's prevalence in enterprise IT environments and its role in connecting sensitive services.

CISA Advisory

CISA's advisory urges businesses to take immediate action to mitigate the potential impact of the breach. Organizations are advised to:

• Reset credentials and secrets used to access Sisense services.
• Investigate any suspicious activity involving these credentials within the past months.
• Report findings to CISA for further analysis.

Customer Response

Since the advisory was issued, numerous customers have expressed concern about the limited information provided by Sisense. Community troubleshooting forums have been flooded with inquiries and complaints.

Sisense's Response

In an effort to address the incident, Sisense has engaged industry experts and established a dedicated response team. CISO Sangram Dash has outlined specific steps for customers to minimize their risk:

• Change passwords for all Sisense-related services.
• Rotate access tokens and credentials.
• Log out of single sign-on (SSO) accounts.
• Reset user parameters.

Customers are encouraged to submit support tickets marked as critical for assistance.

Ongoing Investigation

CISA and other law enforcement agencies are actively investigating the breach to determine the full extent of the compromise and identify the responsible parties.

Recommendations for Businesses

In light of this incident, businesses are urged to:

• Implement strong cybersecurity measures, including multi-factor authentication and regular software updates.
• Monitor for suspicious activity and report any incidents promptly.
• Exercise caution when dealing with external services and vendors that handle sensitive data.
• Conduct regular security audits to identify and address vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) remains committed to providing ongoing guidance and support to ensure the security of critical infrastructure and data. For the latest information and updates, visit the CISA website at cisa.gov.