Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io
Cloud Threat Landscape

Sisense breach

Type
Incident
Actors
❓Unknown
Pub. date
April 11, 2024
Initial access
Unknown
Impact
Data exfiltration
Observed techniques
Credential harvesting from code repository
Targeted technologies
GitLab
References
https://krebsonsecurity.com/2024/04/why-cisa-is-warning-cisos-about-a-breach-at-sisense/https://www.cisa.gov/news-events/alerts/2024/04/11/compromise-sisense-customer-data
Status
Finalized
Last edited
Jun 2, 2024 8:02 AM

An unknown threat actor gained access to a self-hosted Gitlab instance used by Sisense, which stored credentials for an S3 bucket containing customer access tokens, passwords and SSL certificates.

Made with 💙 by Wiz

Last Updated: April 3, 2025