Cloud
Sisense Business Analytics Platform Breach (CISA Advisory)
Primary Source ↗Incident Details
CISA issued an urgent advisory on 11 April 2024 warning Sisense customers to immediately rotate all credentials used with the platform. Sisense (a business intelligence/analytics SaaS serving critical infrastructure, defense, and Fortune 500 clients) had tokens, API keys, email account passwords, and SSL certificates stolen, giving attackers access to Sisense customers’ connected third-party platforms including Salesforce, GitHub, Box, and BigQuery. The scale of downstream impact was unknown. CISA coordinated the response with Sisense and private sector partners.
Technical Details
- Initial Attack Vector
- Attackers gained access to Sisense's self-hosted GitLab code repository, found credentials/tokens granting access to Sisense's Amazon S3 buckets in the cloud, and exfiltrated customer access tokens, API keys, passwords, and certificates
- Vendor / Product
- GitLab (self-hosted); Amazon S3
Timeline
- 2024-01-01 Breach occurred
- 2024-04-11 Publicly disclosed
- 2024-04-11 Customers notified