
SiSense Security Concern

JamesF
7 - Data Storage
28 REPLIES

DRay
Community Team Member

Thank you for your outreach. We will be providing an FAQ to our customers this afternoon that aims to answer many common questions. For now, please send any/all questions to [email protected].

David Raynor (DRay)

nickvigier
7 - Data Storage

We have reached out to the incidentquestions email last night and have still not received a response or acknowledgement.

Same!

dougnewton
10 - ETL

Almost 24 hours from the original notification, and no information available yet?...

DRay
Community Team Member

Thank you for your patience everyone. We are still working on the communication and will have it out as soon as possible. 

David Raynor (DRay)

Sangram just sent an email. Do you know if that's all we're expected to receive in the foreseeable future?

I was hoping for a more informative notification message than basically "reset your passwords"

datanerd
8 - Cloud Apps

Does this only affect Sisense cloud customers? Does it affect self-hosted customers?

MEDFAR
8 - Cloud Apps

I find it utterly ridiculous that we still have not received an answer to the most basic question: DOES THIS AFFECT SELF-HOSTED CUSTOMERS? We asked the question more than 24 hours ago and were given a generic cryptic "please refer to our FAQ".

Well here I am... in your FAQ, and I still cannot find an answer. Please follow the most basic incident response protocol and help your customers identify if they're affected by your security incident.

True, it's a very vague email. Don't have any detail on what type of customers were affected. Changing all passwords and keys is a tedious task. Don't have any clue how self-hosted customers will be affected by this. And no response from [email protected].

Latest email mentioned to open a serv 1 ticket. When opening a serv 1 ticket, the response from customer support is to send questions to [email protected]. It's just going in loops.

gwood
7 - Data Storage

How is it that self-hosted can be affected? I think others in my business assume our instances are isolated but I think the app calls back to base somehow - as I can see sometimes from support enquiries Sisense have visibility of server performance aspects. Is that about right?

JohnLusk
7 - Data Storage

If you're sufficiently paranoid, Sisense sends everything it can get its hands on back home.

Blanket responses of "we strongly recommend you reset your passwords" when asked "is on-prem affected?" (/me raises hand) don't help.

DRay
Community Team Member

Thank you for your feedback, and I understand your frustration. I am communicating your concerns to our internal teams and I will share more information as soon as possible.

David Raynor (DRay)

nubeiro
7 - Data Storage

How does this affect customer database credentials? Does it mean that our credentials have been exposed and hence, someone could potentially log in to our database instance?

DRay
Community Team Member

I don't have guidance on that yet. We have submitted the question and will share updates as soon as possible.

David Raynor (DRay)

DRay
Community Team Member

Hi @nubeiro.

Can you submit this question to [email protected]? We have teams of people monitoring that inbox and they will work to get you the answers you need.

David Raynor (DRay)

Jack_Machesky
9 - Travel Pro

My organization is also looking to find out how this happened, what actually happened, and what is being done to prevent a further incident in the future.

DRay
Community Team Member

Understood. We will share that information as soon as possible.

David Raynor (DRay)

nura
7 - Data Storage

Please let us know if you have any update if this impacts self hosted customers.

nura
7 - Data Storage

Please let us know if it affects self hosted customers.

DRay
Community Team Member

Hello @nura,

Thank you for reaching out.  I am communicating your question to our internal teams and we will share more information as soon as possible.

David Raynor (DRay)

Jack_Machesky
9 - Travel Pro

Is there any update or is there going to be an official statement with more detail released from Sisense soon? This is a potential huge deal for our organizational membership and we need our questions answered ASAP.

tammysoliman
7 - Data Storage

We received an email saying the impact is with my.sisense.com. Did app.periscope.com get compromised as well, since Sisense purchased Periscope?

blannon
7 - Data Storage

Regarding our data-source passwords that are stored directly in the self-hosted environments, we were told that we have to update these passwords.  Are they somehow being sent back to Sisense and if so, what purpose would Sisense have for logging these? I understand this would be the case if we had signed up for the Sisense on-premise's environment, but we didn't. 

SteveWay
7 - Data Storage

I'm not sure the latest response was worthy of interrupting my Sunday as the CEO seemed to simply read out the statement already on the FAQ. It may be of interest to others that the NCSC in the UK have alerted us that the incident may have started on or around the 5th April. This wording was included in their notification to us:

"The NCSC has received credible information to suggest that database credentials belonging to your
organisation may have been obtained by a cyber criminal group through the suspected compromise of
Sisense. We believe this activity is may have started around the 5th April 2024."

Hi SteveWay, that NCSC email, was that directly to you as you have your credentials registered?

Our company is interested in this information, but I cannot find a source on the NCSC website, so I am assuming these communications are direct to you/your company.

Also pretty annoyed with the misrepresentation of a "Town Hall" which was just a statement with zero interaction.  Why they didn't just record the statement and put it on this portal is beyond me, which also could have been done two days ago.  I got out of bed at 2am for that.

Would you mind forwarding me a copy of the NCSC email if it doesn't contain sensitive information?  I'll PM you my email address.

Jake_Raz
10 - ETL

I keep on seeing mention of an "FAQ". Where is this? Was it only sent out via email, or is there an actual FAQ page somewhere? My company's in a bit of a unique position in that we're not direct Sisense customers, and instead we use it in a roundabout 3rd party way, so we never received any emails. I'm trying to get more information about how this whole thing impacts us, but I've tried looking around on the Sisense website and in the community and I'm not finding anything. Maybe I've just missed it, but if so, I'd appreciate someone posting a link. (Side note: assuming I haven't missed it... why is this incident seemingly not mentioned anywhere on the main Sisense website? I understand this is maybe embarrassing, so maybe you wouldn't plaster it right on the main page, but still, shouldn't there at least be a press release about this or something?)

Sent via email.  They are directing everyone to [email protected] so that is probably your best bet to request a copy/be kept updated.