BrianKrebsApr 11, 2024
There is something potentially huge popping up now. Has to do with a compromise at business intelligence vendor Sisense. I'm hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants. This is a message the Sisense CISO just sent to customers.
Show threadBrianKrebsApr 11, 2024

CISA has released an advisory about this:

https://www.cisa.gov/news-events/alerts/2024/04/11/compromise-sisense-customer-data

If you use Sisense, it's time to rotate *any* credentials you stored with them.

CISA urges Sisense customers to:

Reset credentials and secrets potentially exposed to, or used to access, Sisense services.
Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services.

Show threadBrianKrebsApr 11, 2024
Meant to add that Sisense has told me they don't wish to respond to questions about the information I've gathered so far.
Show threadGraham Sutherland / Polynomial
@briankrebs I mean, yeah, of course they don't WANT to lol
Apr 11, 2024 at 2:14pmWeb