OSIsoft has notified their employees, interns, consultants, and contractors regarding a data breach where the attackers used stolen credentials to remotely access company systems. They have published the notification which was submitted to the Office of the Attorney General in California.
OSIsoft is a software company that offers real-time data management solutions. Their core product is the open enterprise infrastructure, the PI System, which permits connecting sensor-based data, systems, and people and is used by organizations to collect, analyze and visualize data to improve internal processes. The company has over 1,000 employees and its product has more than 20,000 deployments across 127 countries.
According to the notification, OSIsoft intrusion detection systems alerted IT to unauthorized activity. Their security service provider has retrieved direct evidence of credential theft activity involving 29 computers and 135 accounts. They have concluded that all OSI domain accounts are affected.
The attackers have gained access to the OSI domain login details such as account name, email address, and password. Even though Active Directory (AD) uses cryptographic protection methods, the user’s personal credentials may have been compromised.
The company is investigating about the security breach and they had developed a comprehensive remediation strategy if any unauthorized activity surges during its investigation, and it has also deployed important security measures.
OSIsoft have started resetting the compromised passwords and advises the affected users to change passwords on external services if they were used for the OSI account. It is recommended to report any suspicious activity to the IT team, and disable or restrict remote access and file sharing features on their devices.