Breach Details
In April 2024, Sisense, established in 2004 to offer business intelligence and data analytics software, suffered a significant data breach. The breach involved unauthorized access to Sisense’s GitLab code repository, which led to the exfiltration of data from Sisense’s Amazon S3 accounts. This breach has been described as one of the most severe in recent times, potentially affecting millions of credentials.
Implications
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken an active role in addressing this breach due to its potential to initiate a massive supply chain attack that could affect thousands of companies globally. The breach highlights critical vulnerabilities in software products and the growing interest of attackers in targeting such infrastructure.
Call to Action
In response to the breach, Sisense’s CISO has issued urgent recommendations for all customers to rotate any credentials used within their Sisense applications immediately (see the original message).
Customers should also reset API keys and look for unusual activity starting from April 5th, 2024. Users must act quickly to mitigate further risks.
How Suridata Could Have Helped
In this incident, Suridata could have mitigated the risk significantly by:
- Securing access to GitLab using IP-based controls
- Ensuring that all user access requires MFA, with no exceptions
- Configuring and scanning to confirm that no credentials are committed into code
- Restricting AWS API key usage by IP address
- Making sure that client information is encrypted at rest
- Detecting Sisense as a shadow SaaS / third-party app connected to core business applications
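To make the "restrict AWS API key usage by IP address" item concrete, here is an added example (not Suridata's or Sisense's code) that checks whether an IAM policy carries the common guardrail of a blanket Deny with a `NotIpAddress` condition on `aws:SourceIp`. The two policies, the bucket name and the 203.0.113.0/24 range are constructed for illustration, and the check is simplified: it ignores other condition operators and the `aws:ViaAWSService` exemption.

```python
import ipaddress

# Constructed sample policies (not from the incident). 203.0.113.0/24 is a
# documentation range standing in for an office or VPN egress network.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {
             "NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]},
             "Bool": {"aws:ViaAWSService": "false"},
         }},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allowed_networks(policy):
    """Return the CIDRs enforced by a blanket Deny + NotIpAddress statement."""
    nets = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if "*" not in _as_list(stmt.get("Action", [])) or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        cond = stmt.get("Condition", {}).get("NotIpAddress", {})
        for key, cidrs in cond.items():
            if key.lower() == "aws:sourceip":  # IAM condition key names are case-insensitive
                nets += [ipaddress.ip_network(c) for c in _as_list(cidrs)]
    return nets


def request_denied_by_ip(policy, source_ip):
    """True if the IP guardrail would deny a direct API call from source_ip."""
    nets = allowed_networks(policy)
    if not nets:
        return False  # no guardrail: a leaked key is usable from any address
    addr = ipaddress.ip_address(source_ip)
    return not any(addr in net for net in nets)
```

With the weak policy, a key copied out of a repository works from any network; with the guardrail in place, the same key is refused outside the listed range.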
Conclusion
The Sisense data breach serves as a critical reminder of the importance of enhanced SaaS security practices, especially in safeguarding interconnected applications and third parties. Companies must stay proactive in their security strategies to protect their data and maintain trust with their customers and partners.