Recent Warning Issued for Sisense Customers: Password Compromise and Supply Chain Attacks Possible

The US federal government has issued a warning to customers of the business analytics platform Sisense, urging them to reset their passwords due to a potential compromise. The Cybersecurity and Infrastructure Security Agency (CISA) advisory emphasizes the importance of changing credentials not only for Sisense but also for any other sensitive data that may have been accessed through the platform.

Sisense, a software-as-a-service (SaaS) platform that provides AI-driven analytics to over 2,000 companies including Air Canada and Nasdaq, has become a target for cyber threats. Patrick Tiquet, vice president of security and architecture at Keeper Security, warns of possible supply chain cyberattacks targeting Sisense customers. He advises immediate action in response to the breach.

The seriousness of the situation is underscored by the swift response from the federal government. Sean Deuby, principal technologist with Semperis, describes CISA’s advisory as “ominous,” drawing parallels to recent breaches at MGM Resorts and Caesars Palace. The threat of supply chain attacks, as seen with WannaCry and SolarWinds, highlights the challenges in securing interconnected networks.

In light of the breach, Jason Soroko, senior vice president of product at Sectigo, recommends a thorough review of API password keys in addition to password resets. Sisense customers are urged to be vigilant for any suspicious activity dating back to April 5 and take immediate steps to protect their data and networks.

As the investigation into the breach continues, customers are advised to follow CISA’s guidance and enhance their cybersecurity measures to prevent further unauthorized access and potential supply chain disruptions.