Incident

Sumo Logic reports potential data breach caused by compromised AWS credentials

Take action: If you use Sumo Logic, start resetting the system and user credentials related to Sumo Logic services: Sumo Logic-installed collectors, third-party systems integrated for data collection, and user accounts on Sumo Logic. All of them may have been compromised.



Sumo Logic, a firm specializing in cloud-native big data and security analytics, has reported a suspected security breach. The potential breach was flagged on Friday, 3rd of November, following the detection of unauthorized access linked to a compromised AWS account credential associated with Sumo Logic.

In their security advisory, Sumo Logic stated, "While we have not yet found any evidence of our networks or systems being affected, and we confirm that customer data remains encrypted, we took immediate action to mitigate risk." These actions included reinforcing their defenses by updating vulnerable access points, revising other credentials that might have been at risk, enhancing overall security protocols, and delving into the origins and scope of the suspicious activities.

The company has committed to proactively informing their clients should any indication of unwarranted access to Sumo Logic accounts surface.

Sumo Logic has also issued a set of precautionary recommendations for their customers, urging them to promptly replace their Sumo Logic API access keys and, to further enhance security, to also update:

  • Credentials for Sumo Logic-installed collectors,
  • Credentials for third-party services that are integrated for data collection purposes, such as S3 access, or those used in webhook configurations,
  • Passwords for user accounts on Sumo Logic.