Sumo Logic warns of unexplained breach

Tracked breach to APIs, but says customer data remains safe

Machine data analytics firm Sumo Logic has discovered a security breach in the data interfaces by which its software collects intelligence for its customers.

The $300m firm said yesterday that its 40,000 customers should change the security keys its cloud-based platform uses to access remote data services through APIs.

A week after announcing its discovery of the breach, it pinned the breach down to the APIs through which its platform collects data from its customers' IT infrastructure for analysis.

Notifying customers four days later, on Tuesday, it urged them to change all security credentials in their Sumo implementations, including API keys and user passwords. Yesterday, Thursday, it said its investigation was ongoing, and that its account with AWS had been compromised.

Sumo Logic changed all its security credentials immediately upon discovering the breach, it said in a security alert to customers.

It didn't say if any particular third-party data services were at the centre of the incident, or if the breach had spread through its data interfaces to the other cloud platforms or its customers' on-premises systems.

"We have not at this time discovered any impacts to our networks or systems, and customer data has been and remains encrypted," it said.

"Ensuring the security and reliability of our customers' digital experience is our top priority," the company added on Tuesday.

"We have always placed great emphasis on protecting our customers against threats, and we understand and deeply value the trust our customers place in us. To that end, we are writing to notify you, as a precautionary measure, of a possible security incident within our platform."