Sumo Logic urges customers to reset API keys following security breach

Sumo Logic, a U.S.-based cloud data analytics and log analysis company, is urging users to reset API keys after discovering a security breach.

In a security notice published this week, Sumo Logic confirmed it had discovered evidence of a potential security incident on November 3. The incident involved an attacker using compromised credentials to access a Sumo Logic AWS account. After discovering the incident, Sumo Logic says it locked down the exposed infrastructure and rotated every potentially exposed credential for their infrastructure "out of an abundance of caution."

The company did not immediately respond to TechCrunch’s questions.

Sumo Logic says there is no indication that the company’s networks or systems have been impacted and said customer data “has been and remains encrypted.” However, the company is advising customers to “rotate credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems.”

The company says users should immediately rotate their API access keys and should also reset Sumo Logic-installed collector credentials, third-party credentials that have been stored with Sumo, such as credentials for S3 access and user passwords for Sumo Logic accounts.

Sumo Logic, which was taken private earlier this year after being acquired by private equity firm Francisco Partners for $1.7 billion, says it has more than 2,100 customers, including 23andMe, Okta and Samsung.

"We are continuing to thoroughly investigate the origin and extent of this incident,” the company said. It added that it has identified the potentially exposed credentials and has added extra security measures "to further protect our systems," including improved monitoring.

Sumo Logic has not said how many credentials were compromised or how these credentials were compromised.

"While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience," the company said. "We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found.”