Third Party + Credentials Breach

CISA is going into overdrive on this one and the more I read about it, the more I understand why.

On the surface, this is a story of a vendor that many companies trusted who was breached. Kind of old news. Definitely a problem, but nothing unusual.

The company that was breached was Sisense and they are being pretty tight-lipped. Unfortunately for them, they have an old-school survival mentality, meaning that if we don’t talk about it, maybe the story will die.

In today’s social media world, all that not talking does is spin up conspiracy theories. Not exactly what they want.

Sisense is a business intelligence firm. Their product is designed to allow companies to view the status of multiple third-party online services from a single pane of glass. Which is great until they get compromised.

The company, based in New York, has a thousand customers in a variety of industries such as finance, healthcare and telecom.

The stolen data is, apparently, available on what they are calling a “restricted access server”. Probably what the rest of us call the dark web.

Sisense, in a totally tone-deaf announcement, said they are investigating, but we are open for business, even though we totally screwed our customers. Oh, wait, they didn’t say that last part.

CISA is working with select critical infrastructure companies to try and mitigate the damage.

Here is what sets this breach apart.

The hackers apparently gained access to Sisense’s GitLab repository and guess what was in it. There was a token or credential that gave them access to Sisense’s Amazon S3 storage.

The hackers used that access to steal (exfiltrate for you geeks) terabytes of data, including, believe it or not, MILLIONS of access tokens, email account passwords and SSL certificates.

Perhaps no one told them that there is something called a password vault. In fairness, it could be their customers’ fault, but nonetheless, there are now millions of credentials in the wild.

So now the hackers have all of the credentials that Sisense used to build and operate the dashboards for their customers.
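A check for the exposure described above, an AWS credential committed to a source repository, written as an added example (it is not from the original post or from Sisense). The function names, the regular expressions for secret-looking assignments and the entropy threshold are assumptions chosen for illustration; the sample files are constructed.

```python
import math
import re

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-character base64-like value assigned to a secret-looking name (assumed pattern).
SECRET_ASSIGN = re.compile(
    r"(?:secret|token|passw(?:or)?d)[\w.-]*\s*[:=]\s*['\"]?"
    r"(?P<val>[A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)

def shannon_entropy(s):
    """Bits per character: random keys score high, filler strings score low."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def redact(value):
    """Keep only the first 4 characters so the report does not leak the secret again."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(path, text, min_entropy=4.0):
    """Return (path, line number, kind, redacted value) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((path, lineno, "aws_access_key_id", redact(m.group(0))))
        m = SECRET_ASSIGN.search(line)
        # The entropy gate drops placeholders and references to environment variables.
        if m and shannon_entropy(m["val"]) >= min_entropy:
            findings.append((path, lineno, "high_entropy_secret", redact(m["val"])))
    return findings

def scan_repo(files):
    """files maps path -> file text; findings come back in file order."""
    return [f for path, text in files.items() for f in scan_text(path, text)]

# Constructed sample files. The key pair is the placeholder used in AWS documentation.
SAMPLE_REPO = {
    "deploy/backup.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    'export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n',
    "app/settings.py": 'S3_BUCKET = "reports"\n'
    'AWS_SECRET_ACCESS_KEY = os.environ["AWS_SECRET_ACCESS_KEY"]\n'
    'api_token = "' + "a" * 40 + '"\n',
}

if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(*finding, sep="  ")
```

Run as a pre-commit hook or CI step, a check like this flags the hardcoded key pair in `deploy/backup.sh` and ignores `app/settings.py`, which reads its secret from the environment.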

Now it is their customers’ decision on what to do. (A) Do we sue Sisense for billions of dollars? That would probably be their first choice. (B) Do we change millions of credentials? Definitely harder. (C) Do we wait and see what happens? Probably the worst idea. (D) Do we change select critical credentials? Definitely recommended. Likely it is a mix including (A) and (D), at least.

I would say that the company is in for a rough time for the next few years. I hope they have a lot of insurance. The company picked up a hundred million in funding in 2020 with a billion dollar valuation. That was four years ago. So, it is possible that they can weather this.

But, the lawsuits, the customer runoff and the brand damage will be severe.

Sisense said in a customer email that you should submit a ticket if you need assistance. Mark it critical.

But there are a lot of lessons here.

If this story makes you nervous, give us a call. We can’t do magic but we can help reduce the risk.

Credit: Brian Krebs
