SiSense Security Concern
Anyone heard a response from SiSense? Compromise of Sisense Customer Data | CISA (5) Post | LinkedIn
Forum Discussion
I find it utterly ridiculous that we still have not received an answer to the most basic question : DOES THIS AFFECT SELF-HOSTED CUSTOMERS? We asked the question more than 24 hours ago and were given a generic cryptic "please refer to our FAQ".
Well here I am... in your FAQ, and I still cannot find an answer. Please follow the most basic incident response protocol and help your customers identify if they're affected by your security incident.
True it's a very vague email.. don't have any detail on what type of customers where affected.. changing all password and keys is a tedious task.. don't have any clue how self hosted customers will be affected by this. And no response from [email protected].
latest email mentioned to open a serv 1 ticket. When opening serv 1 ticket response from customer support is send questions to [email protected]. its just going in loops
How is it that self-hosted can be affected? I think others in my business assume our instances are isolated but I think the app calls back to base somehow - as I can see sometimes from support enquiries Sisense have visibility of server performance aspects. Is that about right?
If you're sufficiently paranoid, Sisense sends everything it can get its hands on back home.
Blanket responses of "we strongly recommend you reset your passwords" when asked "is on-prem affected?" (/me raises hand) don't help.
