Sumo Logic, a prominent player in the cybersecurity field, experienced a security breach on November 3, prompting swift action to mitigate additional risks. The company promptly informed its customers of the Sumo Logic security breach incident on November 7 as it moved to counter the breach’s effects.
A stolen credential was used in an attempted breach of a Sumo Logic AWS account. While no immediate damage to Sumo Logic’s networks or systems has been reported, the company is taking the potential threat seriously.
In a precautionary response to the security breach, Sumo Logic has reset credentials that could be compromised. An in-depth investigation was initiated to determine the breach’s scope and source. Additionally, the company has recommended that its customers routinely update their passwords to reduce the risk of future breaches.
Sumo Logic Security Breach Explained
On November 8, the firm disclosed details about the Sumo Logic security breach they had encountered.
“On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security incident. The activity identified used a compromised credential to access a Sumo Logic AWS account. We have not at this time discovered any impacts to our networks or systems, and customer data has been and remains encrypted,” read the official statement.
Following the detection, the firm immediately secured the potentially affected infrastructure and updated all credentials that could have been compromised.
“We are continuing to thoroughly investigate the origin and extent of this incident. We have identified the potentially exposed credentials and have added extra security measures to further protect our systems. This includes improved monitoring and fixing any possible gaps to prevent any similar events and we are continuing to monitor our logs to look for further signs of malicious activity. We have taken actions to stop the threat to our infrastructure and are advising customers to rotate their credentials,” the statement continued.
In a subsequent update, Sumo Logic indicated that their ongoing investigation had allowed them to narrow down the scope of the incident, advising a more targeted approach to security measures.
“As an outcome of our ongoing investigation, we are reducing the scope of the additional precautionary measures mentioned in our November 7 message. Here is the updated recommendation: What you could also rotate as an additional precautionary measure: Third-party credentials that have been stored with Sumo as part of webhook connection configuration,” the company updated.
Sumo Logic recommends customers rotate any passwords used to access Sumo Logic or those shared with Sumo Logic to access additional systems for security purposes.
Examples include Sumo Logic API access keys, Sumo Logic installed collector credentials (collector_username & collector_password), third-party vendors used for data collection, user passwords for all Sumo Logic accounts, etc.
Following the Sumo Logic breach, the firm has assured that, amidst the ongoing investigation, they will quickly alert individuals about any questionable login attempts. They also encourage those seeking regular updates on the matter to visit Sumo Logic’s Security Response Center.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
