
Sisense Data Breach Exposes Millions of Customer Credentials

2024/04/15 21:35

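Following a recent data breach at data analytics company Sisense, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory. Hackers gained access to customer data, including access tokens, email account passwords, and SSH certificates, and the breach could affect the many businesses that use Sisense to manage third-party online services. CISA is urging businesses to reset credentials and investigate suspicious activity, while worried customers have voiced concern about the limited information Sisense has provided.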


Major Data Breach at Sisense Exposes Millions of Customer Credentials


Washington, D.C. - April 12, 2023 - The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on April 11 following a significant data breach at data analytics firm Sisense. The breach reportedly compromised millions of customer credentials and certificates, raising concerns about the potential impact on businesses worldwide.


Breach Details


According to Sisense's Chief Information Security Officer (CISO), Sangram Dash, threat actors gained unauthorized access to customer data via a security incident. The company acknowledged that "certain company information may have been made available on a restricted access server (not generally available on the internet)."


Investigators have determined that threat actors compromised Sisense's self-hosted GitLab code repository, exploiting a credential or token to access the company's Amazon S3 buckets in the cloud. The breach resulted in the exfiltration of terabytes of customer data, including:


  • Millions of access tokens
  • Email account passwords
  • SSH certificates
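
The article attributes the S3 access to a credential or token obtained through the GitLab compromise. As an added illustration (not from the article, CISA, or Sisense), the sketch below scans repository contents for literal credentials so they can be found and rotated; the patterns follow the publicly documented AWS key and GitLab token formats, and the file names and values in `SAMPLE_REPO` are constructed, using AWS's documentation placeholder keys.

```python
import re

# Publicly documented credential formats; every value in SAMPLE_REPO is constructed.
PATTERNS = {
    "aws_access_key_id": re.compile(r"(?<![0-9A-Z])(?:AKIA|ASIA)[0-9A-Z]{16}(?![0-9A-Z])"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"),
    "gitlab_token": re.compile(r"glpat-[0-9A-Za-z_-]{20,}"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

def redact(value):
    """Keep a short prefix so a finding can be matched to a key without re-leaking it."""
    return value[:4] + "*" * (len(value) - 4)

def scan(files):
    """Return sorted (path, line_no, kind, redacted_match) for every hit in {path: text}."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for kind, pattern in PATTERNS.items():
                for m in pattern.finditer(line):
                    # Use the capture group when the pattern has one, else the whole match.
                    secret = m.group(m.lastindex or 0)
                    findings.append((path, line_no, kind, redact(secret)))
    return sorted(findings)

SAMPLE_REPO = {  # constructed sample input, not real files or real keys
    "deploy/backup.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "aws s3 sync /data s3://example-bucket/backup\n"
    ),
    "ci/.gitlab-ci.yml": (
        "variables:\n"
        "  AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY  # injected by CI, not a literal\n"
        "  GITLAB_TOKEN: glpat-EXAMPLEexample012345\n"
    ),
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_REPO):
        print(*finding, sep="\t")
```

A variable reference such as `$AWS_SECRET_ACCESS_KEY` is not reported, only literal values are; every literal hit is a credential to rotate, not just to delete from the file, since it remains in the repository history.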

Potential Impact


Sisense provides data analytics tools for various enterprises, allowing them to integrate multiple third-party services, such as Salesforce, GitHub, Box, and BigQuery. The breach has the potential for widespread consequences due to the company's prevalence in enterprise IT environments and its role in connecting sensitive services.


CISA Advisory


CISA's advisory urges businesses to take immediate action to mitigate the potential impact of the breach. Organizations are advised to:


  • Reset credentials and secrets used to access Sisense services.
  • Investigate any suspicious activity involving these credentials within the past months.
  • Report findings to CISA for further analysis.

Customer Response


Since the advisory was issued, numerous customers have expressed concern about the limited information provided by Sisense. Community troubleshooting forums have been flooded with inquiries and complaints.


Sisense's Response


In an effort to address the incident, Sisense has engaged industry experts and established a dedicated response team. CISO Sangram Dash has outlined specific steps for customers to minimize their risk:


  • Change passwords for all Sisense-related services.
  • Rotate access tokens and credentials.
  • Log out of single sign-on (SSO) accounts.
  • Reset user parameters.

Customers are encouraged to submit support tickets marked as critical for assistance.


Ongoing Investigation


CISA and other law enforcement agencies are actively investigating the breach to determine the full extent of the compromise and identify the responsible parties.


Recommendations for Businesses


In light of this incident, businesses are urged to:


  • Implement strong cybersecurity measures, including multi-factor authentication and regular software updates.
  • Monitor for suspicious activity and report any incidents promptly.
  • Exercise caution when dealing with external services and vendors that handle sensitive data.
  • Conduct regular security audits to identify and address vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) remains committed to providing ongoing guidance and support to ensure the security of critical infrastructure and data. For the latest information and updates, visit the CISA website at cisa.gov.

