The Cybersecurity and Infrastructure Security Agency is responding to an intrusion affecting Sisense, a major provider of business and data analytics, that involves the compromise of customer data.
The agency released an alert about the incident on Thursday morning and Sisense has reportedly notified customers but has not released any public statements about the intrusion yet. CISA said independent security researchers discovered the compromise, and the agency urged Sisense customers to rotate their credentials.
“CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations. We will provide updates as more information becomes available,” the CISA advisory says.
Sisense provides a number of business analytics products, including a platform and a cloud-based service. The company lists a slew of high-profile customers on its site, including NASDAQ, AirCanada, and others. The platform typically requires quite a lot of permissions and deep integration into enterprises. Researchers say that the information the unnamed attackers were able to exfiltrate from Sisense includes credentials and authentication token for some of the apps that the platform integrates with.
Late on Thursday, Sisense CISO Sangram Dash sent a communication to customers about the incident and outlined a long list of actions they should take in order to protect their organizations, including changing any and all Sisense-related passwords, changing passwords for all Sisense users, and logging all users out of the platform. For organizations that employ single sign-on, the company also recommends changing shared secrets for SSO, rotating the X.509 certificate for the SSO SAML provider, and changing the OpenID client secret for companies that have implemented OpenID.
“Our customers must reset any keys, tokens, or other credentials in their environment used within the Sisense application,” the message says.
Sisense has not released any public statements about the incident yet.