U.S. cloud data analytics and log analysis firm Sumo Logic has confirmed discovering a potential security incident after its Amazon Web Services account was accessed using stolen credentials, reports TechCrunch.
Sumo Logic immediately took down the infrastructure exposed by the incident and rotated the credentials that were likely exposed, in an effort to prevent further compromise. Although there has been no evidence suggesting that Sumo Logic's networks, systems, or customer data were compromised, the organizations the company serves, which include Samsung, Okta, and 23andMe, have been urged to promptly rotate API access keys and to replace user passwords, S3 credentials, Sumo Logic-installed collector passwords, and third-party credentials stored with Sumo.
"We are continuing to thoroughly investigate the origin and extent of this incident," said Sumo Logic, which emphasized that additional security measures have already been implemented to better protect its systems.
APT29 is compromising cloud environments not only through previously breached service account credentials but also via old employee accounts that organizations had not disconnected.