Skip to content
Make Your Internet Intelligence Thrive | Get 20% off Censys Search Teams or Solo annual plans with code Spring24 by 5/31 | Save Now
Advisory

April 12, 2024: Sisense breach and compromise of customer data impact

 

Summary

Censys is aware that on April 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published an alert regarding the breach of Sisense and the resulting compromise of customer data.
Asset Description
Sisense’s technology produces business intelligence and data analytics for large enterprises by collecting and analyzing data from an organization’s current tech assets and applications.

Impact

Potential Consequences of Successful Exploitation

From TechCrunch, “Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis. With access to these credentials, an attacker could potentially also access a customer’s data.”
This likely means that whatever assets Sisense’s technology has access to within an organization, may be at risk if the Sisense product/technology is compromised locally, leveraging the compromised data from the breach.
Exact details regarding the circumstances of the breach/compromise, nor fallout that may include such aforementioned scenarios, have been made available by the vendor or authorities.

Affected Assets

No details regarding specific assets have been made available; however CISA’s alert addresses all Sisense customers.
Censys’ Rapid Response Team was able to identify Sisense’s Prism Global instances as these are the only public internet-facing instances of Sisense products. Other Sisense products are likely embedded with other assets or sit behind firewalls and other network defenses. Below is a query that will uncover the publicly-facing Prism Global assets recently observed from our scans.

Censys ASM Query for Exposed Assets.
The query above will find Prism Global instances associated with your organization in your ASM workspace, within approximately 24 hours.

Censys Search Queries
are shared directly with Censys customers. If you would like to obtain the Censys query to identify global instances related to this issue, or need help, please contact us.

Recommendations for remediation

from CISA “urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used to access, Sisense services.”

If you need assistance in positively identifying these assets, please let us know.

For extended context around this situation, please reference this Censys Research blog.

Attack Surface Management Solutions
Learn more