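Following a recent data breach at data analytics company Sisense, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory. Attackers gained access to customer data, including access tokens, email account passwords and SSH certificates, and the breach may affect many businesses that use Sisense to manage third-party online services. CISA urges businesses to reset credentials and investigate suspicious activity, while worried customers have voiced concern about the limited information Sisense has provided.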
Major Data Breach at Sisense Exposes Millions of Customer Credentials
Washington, D.C. - April 12, 2023 - The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on April 11 following a significant data breach at data analytics firm Sisense. The breach reportedly compromised millions of customer credentials and certificates, raising concerns about the potential impact on businesses worldwide.
Breach Details
According to Sisense's Chief Information Security Officer (CISO), Sangram Dash, threat actors gained unauthorized access to customer data via a security incident. The company acknowledged that "certain company information may have been made available on a restricted access server (not generally available on the internet)."
Investigators have determined that threat actors compromised Sisense's self-hosted GitLab code repository, exploiting a credential or token to access the company's Amazon S3 buckets in the cloud. The breach resulted in the exfiltration of terabytes of customer data, including:
- Millions of access tokens
- Email account passwords
- SSH certificates
Potential Impact
Sisense provides data analytics tools for various enterprises, allowing them to integrate multiple third-party services, such as Salesforce, GitHub, Box, and BigQuery. The breach has the potential for widespread consequences due to the company's prevalence in enterprise IT environments and its role in connecting sensitive services.
CISA Advisory
CISA's advisory urges businesses to take immediate action to mitigate the potential impact of the breach. Organizations are advised to:
- Reset credentials and secrets used to access Sisense services.
- Investigate any suspicious activity involving these credentials within the past months.
- Report findings to CISA for further analysis.
Customer Response
Since the advisory was issued, numerous customers have expressed concern about the limited information provided by Sisense. Community troubleshooting forums have been flooded with inquiries and complaints.
Sisense's Response
In an effort to address the incident, Sisense has engaged industry experts and established a dedicated response team. CISO Sangram Dash has outlined specific steps for customers to minimize their risk:
- Change passwords for all Sisense-related services.
- Rotate access tokens and credentials.
- Log out of single sign-on (SSO) accounts.
- Reset user parameters.
Customers are encouraged to submit support tickets marked as critical for assistance.
Ongoing Investigation
CISA and other law enforcement agencies are actively investigating the breach to determine the full extent of the compromise and identify the responsible parties.
Recommendations for Businesses
In light of this incident, businesses are urged to:
- Implement strong cybersecurity measures, including multi-factor authentication and regular software updates.
- Monitor for suspicious activity and report any incidents promptly.
- Exercise caution when dealing with external services and vendors that handle sensitive data.
- Conduct regular security audits to identify and address vulnerabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) remains committed to providing ongoing guidance and support to ensure the security of critical infrastructure and data. For the latest information and updates, visit the CISA website at cisa.gov.