U.S. cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.
CISA said it urges Sisense customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services” and to report any suspicious activity involving the use of compromised credentials to the agency.
Founded in 2004, Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants.
Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis.
With access to these credentials, an attacker could potentially also access a customer’s data.
Death, taxes, and regular, terrifying cybersecurity leaks.
Those are the facts of life, as the latest AT&T data breach is teaching us yet again.
A TechCrunch investigation into leaked customer data from the American telco giant has led to AT&T resetting certain customer account passcodes to prevent them from being at risk.
The root of the security weakness is a massive, and AT&T’s data breach included a leaked dataset concerning more than seventy million former and current AT&T account holders.
Only a fraction are still current, but the scale of the leaked dataset that TechCrunch dug into makes it plain that despite huge amounts of work and investment, there are still regular, exploitable, and dangerous for consumers.
The Pokemon Company said it detected hacking attempts against some of its users and reset those user account passwords.
A spokesperson for the company said there was no breach, just a series of hacking attempts against some users.
To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a Pokemon Company spokesperson.
The description of the Pokemon account breaches sounds like credential stuffing, where malicious hackers use usernames and passwords stolen from other breaches and reuse them on other sites.
For its part, the Pokemon Company does not allow its users to enable two-factor on their accounts, when TechCrunch checked.
