Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS (Amazon Web Services) account was compromised last week.
The company detected evidence of the breach on Friday, November 3, after discovering that an attacker had used stolen credentials to gain access to a Sumo Logic AWS account.
Sumo Logic says its systems and networks weren’t impacted during the breach and that “customer data has been and remains encrypted.”
“Immediately upon detection we locked down the exposed infrastructure and rotated every potentially exposed credential for our infrastructure out of an abundance of caution,” the company said.
“We are continuing to thoroughly investigate the origin and extent of this incident. We have identified the potentially exposed credentials and have added extra security measures to further protect our systems.”
These measures include enhanced monitoring and the remediation of potential vulnerabilities to prevent similar incidents in the future. The company also continues to monitor network and system logs to identify any indications of additional malicious activity.
Customers advised to rotate API keys
In light of these developments, Sumo Logic advised customers to rotate credentials used to access its services or any credentials shared with Sumo Logic for accessing other systems.
Sumo Logic customers should immediately rotate their API access keys and should also reset the following as a precautionary measure:
- Sumo Logic installed collector credentials
- Third-party credentials that have been stored with Sumo for the purpose of data collection by the hosted collector (e.g., credentials for S3 access)
- Third-party credentials that have been stored with Sumo as part of webhook connection configuration
- User passwords to Sumo Logic accounts
“While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience,” the company said.
“We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found. Customers may find updates at our Security Response Center.”
Sumo Logic operates a cloud-native SaaS analytics platform providing customers with log analytics, infrastructure monitoring, cloud infrastructure security services, and more.
In May, private equity firm Francisco Partners acquired the company for $1.7 billion. Its customer list includes many tech companies like Samsung, Okta, SAP, F5, Airbnb, SEGA, 23andMe, Toyota, and others.
Source: www.bleepingcomputer.com