Other
Sisense Business Analytics Platform Breach (CISA Advisory)
Primary Source βIncident Details
CISA issued an urgent advisory on 11 April 2024 warning Sisense customers to immediately rotate all credentials used with the platform. Sisense (a business intelligence/analytics SaaS serving critical infrastructure, defense, and Fortune 500 clients) had tokens, API keys, email account passwords, and SSL certificates stolen, giving attackers access to Sisense customers’ connected third-party platforms including Salesforce, GitHub, Box, and BigQuery. The scale of downstream impact was unknown. CISA coordinated the response with Sisense and private sector partners.
Technical Details
- Initial Attack Vector
- Attackers gained access to Sisense's self-hosted GitLab code repository, found credentials/tokens granting access to Sisense's Amazon S3 buckets in the cloud, and exfiltrated customer access tokens, API keys, passwords, and certificates
- Vendor / Product
- GitLab (self-hosted); Amazon S3
Timeline
- 2024-01-01 Breach occurred
- 2024-04-11 Publicly disclosed
- 2024-04-11 Customers notified