Market Cap: $2.1224T 2.64%
Volume(24h): $87.1289B 0.58%
  • Market Cap: $2.1224T 2.64%
  • Volume(24h): $87.1289B 0.58%
  • Fear & Greed Index:
  • Market Cap: $2.1224T 2.64%
Cryptos
Topics
Cryptospedia
News
CryptosTopics
Videos
Top News
Cryptos
Topics
Cryptospedia
News
CryptosTopics
Videos
bitcoin
bitcoin

$87959.907984 USD

1.34%

ethereum
ethereum

$2920.497338 USD

3.04%

tether
tether

$0.999775 USD

0.00%

xrp
xrp

$2.237324 USD

8.12%

bnb
bnb

$860.243768 USD

0.90%

solana
solana

$138.089498 USD

5.43%

usd-coin
usd-coin

$0.999807 USD

0.01%

tron
tron

$0.272801 USD

-1.53%

dogecoin
dogecoin

$0.150904 USD

2.96%

cardano
cardano

$0.421635 USD

1.97%

hyperliquid
hyperliquid

$32.152445 USD

2.23%

bitcoin-cash
bitcoin-cash

$533.301069 USD

-1.94%

chainlink
chainlink

$12.953417 USD

2.68%

unus-sed-leo
unus-sed-leo

$9.535951 USD

0.73%

zcash
zcash

$521.483386 USD

-2.87%

Cryptocurrency News Articles

Sisense Data Breach Compromises Credentials for Critical Infrastructure Sector

Apr 12, 2024 at 08:08 am

The Cybersecurity and Infrastructure Security Agency (CISA) is investigating a breach at Sisense, a business intelligence company that allows companies to track multiple third-party online services. Sisense has urged customers to reset any credentials and secrets shared with the company, advising caution and the rotation of any credentials used within the Sisense application.

Sisense Data Breach Compromises Credentials for Critical Infrastructure Sector

Cybersecurity Breach at Sisense: Critical Infrastructure Sector Organizations Impacted

The United States Cybersecurity and Infrastructure Security Agency (CISA) has initiated an investigation into a data breach at business intelligence company Sisense. Sisense's products enable businesses to monitor the status of various external online services through a centralized dashboard.

CISA has strongly advised all Sisense customers to reset any credentials and secrets shared with the company, a recommendation previously issued by Sisense on April 10th.

Sisense, headquartered in New York City, boasts over a thousand customers across multiple industries, including finance, telecommunications, healthcare, and higher education. On April 10th, Sangram Dash, Sisense's Chief Information Security Officer, informed customers of reports indicating that "certain Sisense company information may have been made available on what we have been advised is a restricted access server."

"We are treating this matter with the utmost seriousness and have promptly commenced an investigation," Dash stated. "We have enlisted industry-leading experts to aid in our investigations. Our business operations have not been interrupted by this incident. However, as a precautionary measure, we strongly urge you to immediately change any credentials you use within your Sisense application."

CISA's advisory acknowledges its collaboration with private industry partners in response to the incident, particularly considering the potential impact on critical infrastructure sectors. CISA pledged to provide updates as more information becomes available.

Sisense declined to comment when contacted about the accuracy of information shared by reliable sources close to the investigation. These sources indicate that the breach likely originated with the attackers' access to Sisense's Gitlab code repository. Within this repository, a token or credential provided the attackers access to Sisense's Amazon S3 buckets in the cloud.

Sources further revealed that the attackers utilized their S3 access to exfiltrate terabytes of Sisense customer data, reportedly including millions of access tokens, email account passwords, and even SSL certificates.

This incident raises concerns about Sisense's safeguards for protecting sensitive customer data, particularly regarding whether the large volume of stolen data was encrypted while stored on Amazon cloud servers.

Crucially, the breach has compromised all credentials that Sisense customers used within their dashboards.

The incident also highlights the limited scope of Sisense's remediation actions on behalf of customers. Access tokens are essentially text files that enable extended login sessions, sometimes indefinitely. Depending on the service, attackers may be able to reuse these tokens to impersonate victims without presenting valid credentials.

Beyond resetting passwords, Sisense customers must assess their individual circumstances and determine whether to change passwords for third-party services previously integrated with Sisense.

Following the incident, a public relations firm representing Sisense inquired about KrebsOnSecurity's plans for further updates. Sisense requested an opportunity to provide comments before publication.

However, after being confronted with details provided by sources, Sisense reportedly changed its position. "After consulting with Sisense, they have told me that they don't wish to respond," the PR representative stated via email.

Update, 6:49 p.m., ET:

It has been clarified that Sisense utilizes a self-hosted version of Gitlab, not the cloud version managed by Gitlab.com.

Sisense's CISO, Dash, has issued a detailed update to customers. The revised guidance includes resetting access tokens across various technologies, such as Microsoft Active Directory credentials, GIT credentials, web access tokens, and single sign-on (SSO) secrets or tokens.

Dash's full message to customers is as follows:

"Good Afternoon,

We are following up on our prior communication of April 10, 2024, regarding reports that certain Sisense company information may have been made available on a restricted access server. As noted, we are taking this matter seriously and our investigation remains ongoing.

Our customers must reset any keys, tokens, or other credentials in their environment used within the Sisense application.

Specifically, you should:

  • Change Your Password: Change all Sisense-related passwords on http://my.sisense.com
  • Non-SSO:

    • Replace the Secret in the Base Configuration Security section with your GUID/UUID.
    • Reset passwords for all users in the Sisense application.
    • Logout all users by running GET /api/v1/authentication/logout_all under Admin user.
  • Single Sign-On (SSO):

    • If you use SSO JWT for the user's authentication in Sisense, you will need to update sso.shared_secret in Sisense and then use the newly generated value on the side of the SSO handler.
    • We strongly recommend rotating the x.509 certificate for your SSO SAML identity provider.
    • If you utilize OpenID, it's imperative to rotate the client secret as well.
    • Following these adjustments, update the SSO settings in Sisense with the revised values.
    • Logout all users by running GET /api/v1/authentication/logout_all under Admin user.
  • Customer Database Credentials: Reset credentials in your database that were used in the Sisense application to ensure continuity of connection between the systems.
  • Data Models: Change all usernames and passwords in the database connection string in the data models.
  • User Params: If you are using the User Params feature, reset them.
  • Active Directory/LDAP: Change the username and user password of users whose authorization is used for AD synchronization.
  • HTTP Authentication for GIT: Rotate the credentials in every GIT project.
  • B2D Customers: Use the following API PATCH api/v2/b2d-connection in the admin section to update the B2D connection.
  • Infusion Apps: Rotate the associated keys.
  • Web Access Token: Rotate all tokens.
  • Custom Email Server: Rotate associated credentials.
  • Custom Code: Reset any secrets that appear in custom code Notebooks.

If you need any assistance, please submit a customer support ticket at https://community.sisense.com/t5/support-portal/bd-p/SupportPortal and mark it as critical. We have a dedicated response team on standby to assist with your requests.

At Sisense, we give paramount importance to security and are committed to our customers' success. Thank you for your partnership and commitment to our mutual security.

Regards,

Sangram Dash
Chief Information Security Officer"

Disclaimer:info@kdj.com

The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!

If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.

Other articles published on Jul 04, 2026