Public Cloud Security Breaches Documenting their mistakes so you don't make them.

Sumo Logic 2023

Incident Details

Victimized Company:Sumo Logic
Incident Dates:2023-11-03 to ongoing
Disclosure Date:2023-11-07
Current Status:

Sumo Logic notified customers of an incident and recommended customers rotate credentials in their platform.


According to the announcemtn posted on the Sumo Logic Security Response Center

On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security incident. The activity identified used a compromised credential to access a Sumo Logic AWS account. We have not at this time discovered any impacts to our networks or systems, and customer data has been and remains encrypted.

Details of the Incident

Sumo Logic has not provided any further details.

Attribution / Perpetrator

None at this time.

Long-term Impact

Sumo Logic notified customers and recommended they rotate all credentials stored in their platform. In a subsequent update on 8 November, they revised the scope to only Third-party credentials that have been stored with Sumo as part of webhook connection configuration

Summary of Coverage

Cloud Security Lessons Learned

Sumo Logic only disclosed the incident resulted from “a compromised credential to access a Sumo Logic AWS account”, so we do not know if it was a long-term Access Key or some form of credential compromise of short-term credentials.