Sumo Logic wrestles with security breach, pins down customer data


Sumo Logic has confirmed that no customer data was compromised as a result of the potential security breach it discovered on November 3.

In a customer update that includes the results of the investigation completed by third-party forensic specialists, Sumo Logic, maker of the SaaS log analytics platform, said it now considers the case closed.

"We remain committed to providing all of our customers with secure and reliable digital experience and are doing everything we can to emerge safer from this incident," it said.

"To that end, we will be undertaking further assessment to learn from this incident and identify any measures or modifications to prevent future incidents."

The data analytics biz first announced on November 7 that it had detected activity indicating that one of its AWS accounts had been accessed using a compromised credential.

It wasn't able to confirm at the time whether customer data was compromised but did say that, like always, it remained encrypted.

In response, Sumo Logic "immediately" secured the exposed infrastructure and worked to identify any customer credentials that were potentially exposed to the individual who accessed the AWS account.

Those thought to be at risk of exposure were automatically rotated by the company "out of an abundance of caution," as well as adding extra security measures to Sumo Logic's systems.

Every customer, regardless of whether their credentials were believed to be at risk, was advised at the time to rotate their credentials too. This applied to those used to access both Sumo Logic's platform directly and those provided to the company to access other systems.

Special emphasis was placed on rotating Sumo Logic API access keys – the company advised all customers to change them immediately.

As an added precautionary measure, it also recommended changing third-party credentials stored by the company as part of webhook connection configuration.

From there, Sumo Logic provided regular updates to customers, with new posts to its security response center appearing every two to three days.

The speed and content of its response were praised by experts such as Jason Kent, hacker in residence at Cequence Security.

"Often when I hear news about breaches and a suggestion to rotate API keys I assume the breach is going to be major," he said.

"No breach is good news but look at how quickly and thoroughly the response from their security team was orchestrated. It seems like customer-side data wasn't impacted but the suggestion to rotate keys is always a good one in these cases. In fact, a good step would be to invalidate/revoke all the API Keys they think could be impacted.

"All of us should use this as a lesson to make sure we can respond to things quickly and to go looking for persistent API Keys that are being used and rotate them. If it is painful to rotate the keys when there is no urgency, imagine how much harder it will be if you really need to get it done quickly."