Sumo Logic Urges Customers To Rotate Credentials After ‘Potential Security Incident’

The provider of log analytics and SIEM said that one of its AWS accounts was maliciously accessed, but that ‘customer data has been and remains encrypted.’

Sumo Logic urged customers to rotate credentials after one of its AWS accounts was maliciously accessed.

The company, which provides tools including log analytics and SIEM (security information and event management), said it found evidence Nov. 3 of a “potential security incident.”

[Related: Okta Discloses Support System Breach Impacting Customer Data]

“The activity identified used a compromised credential to access a Sumo Logic AWS account,” the Redwood City, Calif.-based company said in a security notice posted on its website Tuesday.

“We have not at this time discovered any impacts to our networks or systems, and customer data has been and remains encrypted,” Sumo Logic said.

The company added that it will “directly notify customers if evidence of malicious access to their Sumo Logic accounts is found.” CRN has reached out to Sumo Logic to ask whether there is evidence of any malicious access to customer accounts or data.

While Sumo Logic said that releasing the security notice was a “precautionary measure,” the company also recommended that customers “rotate credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems.”

The top priorities for rotation are Sumo Logic API access keys, which “we advise you rotate immediately,” the company said.

Sumo Logic listed several additional credentials that customers might want to rotate as a precaution.

The company said the investigation into the incident is “ongoing.”