Sumo Logic confirms data breach after AWS systems hit

Data analytics and security firm Sumo Logic has suffered a security breach, forcing it to lock down some parts of its system and urge users to rotate their API keys.

According to a BleepingComputer report, the company confirmed the breach, saying it discovered evidence of unauthorized access on Friday, November 3. 

Apparently, a threat actor used stolen credentials to access the company’s Amazon Web Services (AWS) account. “Customer data has been and remains encrypted,” the company added, saying its systems and networks were unaffected by the incident.

Ongoing investigation

"Immediately upon detection we locked down the exposed infrastructure and rotated every potentially exposed credential for our infrastructure out of an abundance of caution," Sumo Logic said. "We are continuing to thoroughly investigate the origin and extent of this incident. We have identified the potentially exposed credentials and have added extra security measures to further protect our systems."

These extra security measures include enhanced monitoring and addressing potential vulnerabilities. Sumo Logic will also continue monitoring network and system logs for further indicators of compromise.

The company also told its customers to update the credentials they use to access its services, as well as any other login information they shared with Sumo Logic.

Besides rotating their API access keys, users should reset Sumo Logic installed collector credentials, third-party credentials stored with Sumo, and user passwords to Sumo Logic accounts.

"While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience," the company said. "We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found. Customers may find updates at our Security Response Center."

Sumo Logic is a cloud-based machine data analytics company, with a focus on security, operations, and business intelligence use cases. It provides log management and analytics services that use machine-generated big data.

The company was founded in early 2010 and is headquartered in Redwood City, California.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.