
Update November 21, 14:37 EST: Sumo Logic says that no customer data was affected in the breach and provided Indicators of Compromise (IOCs) to help customers scan their own systems for signs of related malicious activity. 

"We are grateful to share that the diligent investigation led by our security and engineering teams uncovered no proof of customer data impact and no threat of customer data impact present," Sumo Logic said.

"These findings were verified by third-party forensic experts and the investigation of this incident is now complete and closed."

Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS (Amazon Web Services) account was compromised last week.

The company detected evidence of the breach on Friday, November 3, after discovering that an attacker used stolen credentials to gain access to a Sumo Logic AWS account.

Sumo Logic says its systems and networks weren't impacted during the breach and that "customer data has been and remains encrypted."

"Immediately upon detection we locked down the exposed infrastructure and rotated every potentially exposed credential for our infrastructure out of an abundance of caution," the company said.

"We are continuing to thoroughly investigate the origin and extent of this incident. We have identified the potentially exposed credentials and have added extra security measures to further protect our systems."

These measures include enhanced monitoring and the remediation of potential weaknesses to prevent similar incidents in the future. The company also says it continues to review network and system logs for any indication of further malicious activity.

Customers advised to rotate API keys

In light of these developments, Sumo Logic advised customers to rotate credentials used to access its services or any credentials shared with Sumo Logic for accessing other systems.

Sumo Logic customers should immediately rotate their API access keys and should also reset the following as a precautionary measure:

  • Sumo Logic installed collector credentials
  • Third-party credentials that have been stored with Sumo for the purpose of data collection by the hosted collector (e.g., credentials for S3 access)
  • Third-party credentials that have been stored with Sumo as part of webhook connection configuration
  • User passwords to Sumo Logic accounts
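The S3-access case in the list above is the one most customers can automate: the credential shared with the hosted collector is typically an IAM access key, and rotating it safely means creating the replacement, confirming the collector works with it, and only then deactivating and deleting the old key. The following is an added example, not Sumo Logic's or AWS's code. `FakeIam` is a constructed in-memory stand-in that mimics the four boto3 IAM client calls the routine uses (`list_access_keys`, `create_access_key`, `update_access_key`, `delete_access_key`, which exist under those names) so the workflow runs offline; the user name, key id and dates are hypothetical sample data. A real `boto3.client("iam")` can be passed in place of `FakeIam`.

```python
"""Inventory and rotate IAM access keys shared with a hosted collector.

Added example (not Sumo Logic's or AWS's code). FakeIam is a constructed
stand-in for a boto3 IAM client; swap in boto3.client("iam") for real use.
"""
from datetime import datetime, timezone
import secrets

# Constructed sample data: an IAM user whose key was shared with a hosted
# collector for S3 access, created well before the November 3 disclosure.
DISCLOSURE_DATE = datetime(2023, 11, 3, tzinfo=timezone.utc)
SAMPLE_USER = "sumo-hosted-collector"   # hypothetical IAM user name
SAMPLE_OLD_KEY = "AKIAEXAMPLEOLDKEY01"  # constructed, not a real key id


class FakeIam:
    """In-memory model of the IAM access-key calls used below (constructed).

    It enforces the real service's limit of two access keys per user, which is
    the constraint a rotation routine has to plan around.
    """

    def __init__(self, keys):
        self.keys = keys  # {user_name: [{AccessKeyId, Status, CreateDate}, ...]}

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [dict(k, UserName=UserName)
                                      for k in self.keys.get(UserName, [])]}

    def create_access_key(self, UserName):
        if len(self.keys.get(UserName, [])) >= 2:
            raise RuntimeError("LimitExceeded: AccessKeysPerUser quota of 2")
        key = {"AccessKeyId": "AKIA" + secrets.token_hex(8).upper(),
               "Status": "Active", "CreateDate": datetime.now(timezone.utc)}
        self.keys.setdefault(UserName, []).append(key)
        return {"AccessKey": dict(key, UserName=UserName,
                                  SecretAccessKey=secrets.token_urlsafe(30))}

    def update_access_key(self, UserName, AccessKeyId, Status):
        for k in self.keys.get(UserName, []):
            if k["AccessKeyId"] == AccessKeyId:
                k["Status"] = Status
                return {}
        raise KeyError(AccessKeyId)

    def delete_access_key(self, UserName, AccessKeyId):
        keys = self.keys.get(UserName, [])
        kept = [k for k in keys if k["AccessKeyId"] != AccessKeyId]
        if len(kept) == len(keys):
            raise KeyError(AccessKeyId)
        self.keys[UserName] = kept
        return {}


def make_sample_iam():
    """Build the constructed sample account used by the demo and tests."""
    return FakeIam({SAMPLE_USER: [{"AccessKeyId": SAMPLE_OLD_KEY, "Status": "Active",
                                   "CreateDate": datetime(2023, 6, 1, tzinfo=timezone.utc)}]})


def keys_created_before(iam, user_names, cutoff):
    """Inventory step: every key that existed before the cutoff is in scope for rotation."""
    found = []
    for user in user_names:
        for k in iam.list_access_keys(UserName=user)["AccessKeyMetadata"]:
            if k["CreateDate"] < cutoff:
                found.append((user, k["AccessKeyId"], k["Status"]))
    return found


def rotate_access_key(iam, user_name, old_key_id, install_new_key):
    """Replace old_key_id with a fresh key and return the new AccessKeyId.

    install_new_key(access_key_id, secret) must push the new key to the system
    that uses it (here: the hosted collector's S3 credential) and return True
    once it is confirmed working. The old key is deactivated only after that,
    and deleted only after deactivation, so a failed install never leaves the
    collector without a working credential.
    """
    existing = iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
    if old_key_id not in [k["AccessKeyId"] for k in existing]:
        raise ValueError(f"{old_key_id} is not a key of {user_name}")
    if len(existing) >= 2:
        # The two-key limit: clear a stale inactive key so creation can succeed.
        stale = [k for k in existing
                 if k["AccessKeyId"] != old_key_id and k["Status"] == "Inactive"]
        if not stale:
            raise RuntimeError(f"{user_name} already has two active keys; retire one first")
        iam.delete_access_key(UserName=user_name, AccessKeyId=stale[0]["AccessKeyId"])

    new = iam.create_access_key(UserName=user_name)["AccessKey"]
    try:
        if not install_new_key(new["AccessKeyId"], new["SecretAccessKey"]):
            raise RuntimeError("new key was not confirmed working")
    except Exception:
        # Roll back: delete the never-used key and leave the old one active.
        iam.delete_access_key(UserName=user_name, AccessKeyId=new["AccessKeyId"])
        raise
    iam.update_access_key(UserName=user_name, AccessKeyId=old_key_id, Status="Inactive")
    iam.delete_access_key(UserName=user_name, AccessKeyId=old_key_id)
    return new["AccessKeyId"]


if __name__ == "__main__":
    iam = make_sample_iam()
    print("in scope:", keys_created_before(iam, [SAMPLE_USER], DISCLOSURE_DATE))
    # The install callback here is a placeholder; a real one would update the
    # collector's stored credential and verify a collection run succeeds.
    print("rotated to:", rotate_access_key(iam, SAMPLE_USER, SAMPLE_OLD_KEY,
                                           lambda kid, secret: True))
```

The deactivate-then-delete order matters for the log review the company describes: an inactive key that is still listed lets you match any later use of it in CloudTrail to a credential you know should be dead, whereas a deleted key id just disappears from the inventory.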

"While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience," the company said.

"We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found. Customers may find updates at our Security Response Center."

Sumo Logic operates a cloud-native SaaS analytics platform providing customers with log analytics, infrastructure monitoring, cloud infrastructure security services, and more.

In May, private equity firm Francisco Partners acquired the company for $1.7 billion. Its customer list includes many tech companies like Samsung, Okta, SAP, F5, Airbnb, SEGA, 23andme, Toyota, and others.
