Sumo Logic urges customers to reset API keys following security breach


Share post:

Sumo Logic, a U.S.-based cloud data analytics and log analysis company, is urging users to reset API keys after discovering a security breach.

In a security notice published this week, Sumo Logic confirmed it had discovered evidence of a potential security incident on November 3. The incident involved an attacker using compromised credentials to access a Sumo Logic AWS account. After discovering the incident, Sumo Logic says it locked down the exposed infrastructure and rotated every potentially exposed credential for their infrastructure “out of an abundance of caution.”

The company did not immediately respond to TechCrunch’s questions.

Sumo Logic says there is no indication that the company’s networks or systems have been impacted and said customer data “has been and remains encrypted.” However, the company is advising customers to “rotate credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems.”

The company says users should immediately rotate their API access keys and should also reset Sumo Logic-installed collector credentials, third-party credentials that have been stored with Sumo, such as credentials for S3 access and user passwords for Sumo Logic accounts. 

Sumo Logic, which was taken private earlier this year after being acquired by private equity firm Francisco Partners for $1.7 billion, says it has more than 2,100 customers, including 23andMe, Okta and Samsung.

“We are continuing to thoroughly investigate the origin and extent of this incident,” the company said. It added that it has identified the potentially exposed credentials and has added extra security measures “to further protect our systems,” including improved monitoring.

Sumo Logic has not said how many credentials were compromised or how these credentials were compromised.

“While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience,” the company said. “We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found.”

Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

British Library confirms customer data was stolen by hackers, with outage expected to last ‘months’

The British Library has told customers that their personal data may have been stolen during a recent...

DuploCloud lands $32M infusion to make provisioning cloud apps easier

It’s only appropriate that, during AWS’ biggest week of the year, a cloud-based software-as-a-service startup closed a...

Layla taps into AI and creator content to build a travel recommendation app

Many companies are trying to use AI chatbots (beyond ChatGPT) in different industries — especially in the...

Prosus slashes Indian edtech giant Byju’s valuation to ‘sub-$3 billion’

Prosus has marked down the valuation of Byju’s, India’s most valuable startup, to below $3 billion, the...

Immensa, a MENA-based additive manufacturing and digital inventory platform, raises $20 million 

The global energy spare parts market is valued at over $90 billion, with the Middle East representing...

South African startup GoMetro gets £9M for its fleet management optimization software

GoMetro, a South African tech company that operates in the fleet management space, has raised £9 million...

FEBE Ventures launches $75 million second fund

FEBE Ventures’ name stands for “for entrepreneurs by entrepreneurs,” and true to form, it is continuing to...

London’s iconic black cabs can soon be hailed on Uber

Uber has secured another win over the struggling taxi industry. Soon, riders in London will be able...