Incident Details
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating a security breach at Sisense, a business intelligence firm. Attackers gained unauthorized access to Sisense's GitLab code repository, which enabled them to access Sisense's Amazon S3 storage buckets and exfiltrate several terabytes of customer data.
How Did the Breach Happen?
The breach began when attackers gained access to Sisense's code repository on GitLab. Within the repository, they discovered a token or credential that provided access to Sisense's Amazon S3 storage buckets in the cloud.
What Data Has Been Compromised?
A large amount of Sisense customer data, comprising millions of access tokens, email account passwords, and SSL certificates, was unlawfully accessed and taken.
Why Did the Company's Security Measures Fail?
The breach revealed weaknesses in Sisense's security practices, including the absence of encryption for confidential customer information kept in Amazon S3 buckets and the unintentional disclosure of access tokens and credentials in the GitLab repository.
What Immediate Impact Did the Breach Have on the Company?
Sisense advised its customers to change all login information and private data shared with the company, and gave them a comprehensive set of instructions to help reduce the consequences of the breach.
How Could This Have Been Prevented?
The breach could have been prevented with stronger security measures, such as encrypting customer data, enforcing stringent access controls, and conducting routine security assessments to detect and address weaknesses.
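One routine assessment that targets the failure described above, credentials left in a code repository, is a scan of repository text for secrets before it is pushed. The sketch below is an added example, not Sisense's or GitLab's tooling; it assumes the exposed credential was an AWS access key pair (the page says only "a token or credential"), and the sample file, rule names and entropy threshold are constructed for illustration.

```python
import math
import re

# Constructed sample of a config file committed to a repository. The key pair
# is the example pair from AWS documentation, not a live credential.
SAMPLE = """\
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[ci]
aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}
"""

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) + 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Assignment to a secret-looking name with a value of 20+ characters.
SECRET_ASSIGN = re.compile(
    r"(?i)(?:secret|token|passw(?:or)?d)[\w.]*\s*[:=]\s*[\"']?([^\s\"']{20,})"
)


def shannon_entropy(value):
    """Bits per character; random key material scores higher than words."""
    probs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in probs)


def redact(value):
    """Keep a short prefix so a finding can be located without re-leaking it."""
    return value[:4] + "*" * (len(value) - 4)


def scan(text, min_entropy=4.0):
    """Return (line number, rule, redacted match) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((lineno, "aws-access-key-id", redact(m.group())))
        m = SECRET_ASSIGN.search(line)
        # Entropy filter skips variable references and template placeholders.
        if m and shannon_entropy(m.group(1)) >= min_entropy:
            findings.append((lineno, "high-entropy-secret", redact(m.group(1))))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The hardcoded pair in the `[default]` section is flagged, while the environment-variable reference in `[ci]` is not; any credential such a scan finds in history should be treated as exposed and rotated.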
What Have We Learned from This Data Breach?
The incident highlights the importance of securing code repositories, encrypting sensitive data at rest, and maintaining a vigilant approach to cybersecurity to thwart unauthorized intrusion and data compromise.
Summary of Coverage
The intrusion at Sisense originated with attackers infiltrating the company's code repository on GitLab, which led to the unauthorized acquisition of numerous customer access tokens, passwords, and SSL certificates kept in Amazon S3 buckets. The incident exposed existing security weaknesses and underscored the need for stronger security measures to safeguard customer information.