SiSense Security Concern
Anyone heard a response from SiSense?
Forum Discussion
28 Replies
Is this only affected to sisense cloud customers?.. does it affect self hosted customers?
I find it utterly ridiculous that we still have not received an answer to the most basic question : DOES THIS AFFECT SELF-HOSTED CUSTOMERS? We asked the question more than 24 hours ago and were given a generic cryptic "please refer to our FAQ".
Well here I am... in your FAQ, and I still cannot find an answer. Please follow the most basic incident response protocol and help your customers identify if they're affected by your security incident.
True it's a very vague email.. don't have any detail on what type of customers where affected.. changing all password and keys is a tedious task.. don't have any clue how self hosted customers will be affected by this. And no response from [email protected].
latest email mentioned to open a serv 1 ticket. When opening serv 1 ticket response from customer support is send questions to [email protected]. its just going in loops
How is it that self-hosted can be affected? I think others in my business assume our instances are isolated but I think the app calls back to base somehow - as I can see sometimes from support enquiries Sisense have visibility of server performance aspects. Is that about right?
If you're sufficiently paranoid, Sisense sends everything it can get its hands on back home.
Blanket responses of "we strongly recommend you reset your passwords" when asked "is on-prem affected?" (/me raises hand) don't help.
How does this affect customer database credentials? Does it mean that our credentials have been exposed and hence, someone could potentially log in to our database instance?
Hi nubeiro.
Can you submit this question to [email protected]? We have teams of people monitoring that inbox and they will work to get you the answers you need.
I don't have guidance on that yet. We have submitted the question and will share updates as soon as possible.
Thank you for your outreach. We will be providing an FAQ to our customers this afternoon that aims to answer many common questions. For now, please send any/all questions to [email protected].
We have reached out to the incidentquestions email last night and have still not received a response or acknowledgement.
Same!
Almost 24 hours from the original notification, and no information available yet?...
Is there any update or is there going to be an official statement with more detail released from Sisense soon? This is a potential huge deal for our organizational membership and we need our questions answered ASAP.
We received an email about the impact is with my.sisense.com. Is the app.periscope.com got compromised as well? Since Sisense purchased Periscope.
Thank you for your patience everyone. We are still working on the communication and will have it out as soon as possible.
Sangram just sent an email. Do you know if that's all we're expected to receive in the foreseeable future?
I was hoping for a more informative notification message than basically "reset your passwords"
My organization is also looking to find out how this happened, what actually happened, and what is being done to prevent a further incident in the future.
Understood. We will share that information as soon as possible.
Please let us know if it affects self hosted customers.
