SiSense Security Concern
Anyone heard a response from SiSense?
Forum Discussion
28 Replies
I'm not sure the latest response was worthy of interupting my Sunday as the CEO seemed to simply read out the statement already on the FAQ. It may be of interest to others that the NCSC in the UK have alerted us that that the incident may have started on or around the 5th April. This wording was included in their notification to us:
"The NCSC has received credible information to suggest that database credentials belonging to your
organisation may have been obtained by a cyber criminal group through the suspected compromise of
Sisense. We believe this activity is may have started around the 5th April 2024."Hi SteveWay, that NCSC email, was that directly to you as you have your credentials registered?
Our company is interested in this information, but I cannot find a source on the NCSC website, so I am assuming these communications are direct to you/your company.
Also pretty annoyed with the misrepresentation of a "Town Hall" which was just a statement with zero interaction. Why they didn't just record the statement and put it on this portal is beyond me, which also could have been done two days ago. I got out of bed at 2am for that.
Would you mind forwarding me a copy of the NCSC email if it doesn't contain sensitive information? I'll PM you my email address.
Thank you for your feedback, and I understand your frustration. I am communicating your concerns to our internal teams and I will share more information as soon as possible.
Please let us know if you have any update if this impacts self hosted customers.
Regarding our data-source passwords that are stored directly in the self-hosted environments, we were told that we have to update these passwords. Are they somehow being sent back to Sisense and if so, what purpose would Sisense have for logging these? I understand this would be the case if we had signed up for the Sisense on-premise's environment, but we didn't.
I keep on seeing mention of an "FAQ". Where is this? Was it was only sent out via email, or is there an actual FAQ page somewhere? My company's in a bit of a unique position in that we're not direct Sisense customers, and instead we use it in a roundabout 3rd party way, so we never received any emails. I'm trying to get more information about how this whole thing impacts us, but I've tried looking around on the Sisense website and in the community and I'm not finding anything. Maybe I've just missed it, but if so, I'd appreciate someone posting a link. (Side note: assuming I haven't missed it....why is this incident seemingly not mentioned anywhere on the main Sisense website? I understand this is maybe embarrassing, so maybe you wouldn't plaster it right on the main page, but still, shouldn't there at least be a press release about this or something?)
Sent via email. They are directing everyone to [email protected] so that is probably your best bet to request a copy/be kept updated.
