Sisense customers seek answers after breach announcement

Dozens of Sisense customers have flooded the data analytics company’s community troubleshooting message board with questions about a recently announced breach.

Concerns about a security issue began to emerge on Wednesday evening and Sisense’s CISO initially said the company was aware of information leaked to a “restricted access server.” Customers were advised to rotate the credentials used with their Sisense application.

An update on Thursday evening apparently was unsatisfying. Customers “must reset any keys, tokens, or other credentials in their environment used within the Sisense application,” CISO Sangram Dash said. The post listed dozens of specific actions customers needed to take but provided no information on what exactly happened, who was behind the incident or what was stolen. 

In the company’s technical troubleshooting message board, dozens of angry customers demanded more detailed answers, with multiple people saying Sisense had not responded to their questions. 

“I was hoping for a more informative notification message than basically ‘reset your passwords,’” one customer said.

Multiple commenters wanted to know if they were affected and expressed confusion about the notices released by Sisense and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday. 

The company declined to comment on the incident Thursday and did not respond to requests for comment on Friday. 

Companies like Philips Healthcare, Verizon, Nasdaq and Air Canada use Sisense to gather, analyze and visualize data from different sources — providing the platform with troves of sensitive internal data.

CISA reiterated Sisense’s call for customers to change passwords and said it is “collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services.”

Cybersecurity journalist Brian Krebs spoke to two sources who alleged that the incident started with hackers breaching Sisense’s GitLab code repository and gaining access to credentials that they used to break into cloud servers where customer data is held.

The sources alleged to Krebs that the hackers exfiltrated “several terabytes worth of Sisense customer data.”

Chris Hughes, chief security advisor at cybersecurity firm Endor Labs and a Cyber Innovation Fellow at CISA, told Recorded Future News the incident “highlights the continued interest by malicious attackers when it comes to targeting widely used software products and suppliers including those used by critical infrastructure entities.” 

Attackers have realized how much value software suppliers have as targets due to the amount of data companies hand over willingly and which are often-times not protected adequately enough. 

“They can attack a large software supplier or open source project and have a massive downstream impact across the entire software ecosystem,” Hughes said. “The software supply chain remains the soft underbelly of the digital environment.”