Sumo Logic Advises Users to Update Credentials Following Security Breach
The company revealed on Tuesday that a “potential security incident” discovered on November 3 involved unauthorized access to a Sumo Logic AWS account through the use of compromised credentials.
Sumo Logic, a provider of cloud-based monitoring, log management, and SIEM solutions, is calling on its customers to promptly update their credentials in the wake of a security incident. On Tuesday, the company disclosed that on November 3 it detected that stolen credentials had been used to gain unauthorized access to one of its AWS accounts.
While there is no current evidence suggesting any impact on Sumo Logic's infrastructure, networks, or client data, the company is proactively advising users to refresh credentials that are used to access Sumo Logic services or that Sumo Logic uses to connect with other systems.
The immediate priority is for users to regenerate their API access keys. Additionally, out of an abundance of caution, it is recommended that users also update credentials for Sumo Logic-installed collectors, any third-party credentials stored in Sumo Logic, and passwords for user accounts on the Sumo Logic platform.
Sumo Logic is actively investigating the breach and has pledged to directly inform customers if it uncovers any indication of account compromise.
"We swiftly secured the compromised infrastructure and rotated every credential that could potentially be affected. Our investigation to pinpoint the source and full impact of this incident is ongoing. We've identified the credentials at risk and have implemented supplementary security enhancements to fortify our systems further," Sumo Logic stated in a security advisory.
Earlier this year, Sumo Logic transitioned to private ownership following a $1.7 billion acquisition by Francisco Partners, a private equity firm. Subsequent to the acquisition, the company streamlined its workforce, resulting in a number of layoffs.