BrianKrebsApr 11, 2024
There is something potentially huge popping up now. Has to do with a compromise at business intelligence vendor Sisense. I'm hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants. This is a message the Sisense CISO just sent to customers.
Show threadBrianKrebs

CISA has released an advisory about this:

https://www.cisa.gov/news-events/alerts/2024/04/11/compromise-sisense-customer-data

If you use Sisense, it's time to rotate *any* credentials you stored with them.

CISA urges Sisense customers to:

Reset credentials and secrets potentially exposed to, or used to access, Sisense services.
Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services.

Apr 11, 2024 at 1:32pmWeb
Show threadBrianKrebsApr 11, 2024
Meant to add that Sisense has told me they don't wish to respond to questions about the information I've gathered so far.
Show threadGraham Sutherland / PolynomialApr 11, 2024
@briankrebs I mean, yeah, of course they don't WANT to lol
Show threadṫẎℭỚ◎ᾔ ṫ◎ℳApr 11, 2024
@briankrebs Did Sisense ask not to publish anything yet while the investigation is on going? 
Show threadJason Parker (he/they)Apr 11, 2024
@briankrebs "We take cybersecurity very seriously and ..."