November 9, 2023: 2:00PM PST
Per the recommendations mentioned in the November 7th & 8th Security Notices, we have created a playbook to guide our customers through the process of updating their API access keys.
Here is a direct link to the playbook: link
The information contained in this website is provided “as is,” without any warranty of any kind, either express or implied. Users are solely responsible for adequate protection and backup of the data and equipment used in connection herewith. If Users require assistance, please contact our Support team by opening a ticket using our Support Console.
November 8, 2023
As an outcome of our ongoing investigation, we are reducing the scope of the additional precautionary measures mentioned in our November 7th message. Here is the updated recommendation:
What you could also rotate as an additional precautionary measure:
- Third-party credentials that have been stored with Sumo as part of webhook connection configuration
November 7, 2023
To Our Valued Customers:
At Sumo Logic, ensuring the security and reliability of our customers’ digital experience is our top priority. We have always placed great emphasis on protecting our customers against threats, and we understand and deeply value the trust our customers place in us.
To that end, we are writing to notify you, as a precautionary measure, of a possible security incident within our platform.
WHAT HAPPENED:
On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security incident. The activity identified used a compromised credential to access a Sumo Logic AWS account. We have not at this time discovered any impacts to our networks or systems, and customer data has been and remains encrypted.
WHAT HAVE WE DONE:
Immediately upon detection, we locked down the exposed infrastructure and rotated every potentially exposed credential for our infrastructure out of an abundance of caution. We are continuing to thoroughly investigate the origin and extent of this incident. We have identified the potentially exposed credentials and have added extra security measures to further protect our systems. This includes improved monitoring and fixing any possible gaps to prevent any similar events, and we are continuing to monitor our logs to look for further signs of malicious activity. We have taken actions to stop the threat to our infrastructure and are advising customers to rotate their credentials.
WHAT SHOULD YOU DO:
We recommend that customers rotate credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems. Specifically:
What we advise you rotate immediately:
What you could also rotate as an additional precautionary measure:
- Sumo Logic installed collector credentials
- Third-party credentials that have been stored with Sumo for the purpose of data collection by the hosted collector (e.g., credentials for S3 access)
- Third-party credentials that have been stored with Sumo as part of webhook connection configuration
- User passwords to Sumo Logic accounts
If you have questions about steps to take, please do not hesitate to contact our customer support team at https://support.sumologic.com/support/s/
WHAT HAPPENS NEXT:
While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience.
We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found. Customers may find updates at our Security Response Center.
Your security remains our top priority and we want to reiterate how much we value you putting your trust in us. Thank you for your understanding through this process.