Contents:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday about a data breach at Sisense, a US business intelligence software.
The agency strongly recommended that all Sisense users promptly change their passwords and any other potentially compromised credentials used to access the company’s services.
The agency also advised users to be vigilant for any unusual activities that could indicate misuse of their information.
CISA alert
CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services.
CISA urges Sisense customers to:
- Reset credentials and secrets potentially exposed to, or used to access, Sisense services.
- Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services.
CISA Alert (source)
The specifics of the breach, including how it impacted Sisense and the extent of the data compromised, were not detailed in the CISA’s announcement.
Sisense’s customer alert
The initial report of the breach came from Brian Krebs, a well-known journalist specializing in cybersecurity.
Krebs revealed on Mastodon that the breach potentially impacted “many millions of credentials,” indicating a large-scale data compromise.
There is something potentially huge popping up now. Has to do with a compromise at business intelligence vendor Sisense.
I’m hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants. This is a message the Sisense CISO just sent to customers.
Brian Krebs (source)
This is a developing story, we will provide updates as we learn more.
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.