Wednesday 8th November 2023
Sumo Logic has urged users to change the credentials used to access any Sumo Logic tool, following a suspected security breach. The company provides cloud monitoring, log management and SIEM tools. The company stated there had been unauthorised access to a Sumo Logic AWS account on 3rd November, using compromised credentials.
There is little to suggest the company’s systems, networks, or customer data have been impacted, but Sumo Logic is advising users to change the credentials used to access Sumo Logic or other Sumo Logic systems. The most urgent are API access keys. Sumo Logic’s investigation is ongoing, and it will notify customers directly if it discovers any malicious account access.
Sumo Logic’s first response was to lock down the exposed infrastructure and, out of an abundance of caution, rotate every potentially exposed credential for its infrastructure. The company is continuing to investigate the incident and has added extra security measures for further protection.
Sumo Logic’s immediate response is to reassure customers and to provide them with evidence of the security measures being taken to protect them. The investigation is ongoing, and it seems that Sumo Logic is being very cautious to ensure no further damage occurs. The customer actions below give advice on what customers should do to continue to mitigate any potential issues from their end. However, the full extent of the incident is unknown, which suggests customers should be cautious, maintain awareness of any security updates posted by Sumo Logic, and act on these if required.
We recommend that customers change credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems. Specifically:
What we advise you rotate immediately:
What you could also rotate as an additional precautionary measure:
If you have questions about steps to take, please do not hesitate to contact our customer support team at https://support.sumologic.com/support/s/.
This is based on current, limited knowledge, which should be further investigated and checked before being applied to your systems.