Log4Shell Vulnerability And The Nativo Platform

Nativo is monitoring the Log4Shell vulnerability and addressing concerns.

UPDATE: Initial findings around the Log4Shell vulnerability and the Nativo Platform have determined that it’s unlikely any data was compromised. All systems have been updated to the latest log4j patch and have been rigorously tested.

On December 10, 2021, a vulnerability, dubbed Log4Shell, in the commonly used Apache Log4j library was disclosed to the public (CVE-2021-44228). Apache issued a first patch for the vulnerability, which Nativo implemented, but this update proved to be incomplete, leaving our systems vulnerable for several days until Apache issued a second update.

We found evidence of possible unauthorized access to a small number of servers during a 24-hour period occurring between the deployment of the two provided patches. The servers potentially involved were located in a separate Virtual Private Cloud that is segregated from our main system. The data stored on these servers that may have been at risk includes User Profile Records, reference data tied to a Cookie ID or Mobile Advertising ID, and transactional data from Log Records (covering 6 hours activity) describing details about a user session and ad impression, including:

  • Timestamp.
  • Cookie ID or Mobile Advertising ID (as applicable).
  • User agent (device, browser, etc.).
  • IP address.
  • Browser language.
  • Page visited.
  • Referring page.
  • Key/value records.

More information on these data types can be found in our Privacy Policy.

By the time this activity was identified, the affected servers were already shut down as part of normal operations. All servers were quickly upgraded to a newer version of Log4j and all vulnerable systems were replaced. At the moment, there are no known vulnerabilities in our systems and no new exploit attempts have been identified.

We’ll continue to monitor the issue closely. If you have any questions concerning the Log4Shell vulnerability or Nativo’s response, please send a note to privacy@nativo.com.



No Cookies? No problem. How To Target and Measure in the New Cookieless Era

Watch our on-demand webinar to learn targeting solutions and strategies brands can use to reach their target audience

Case Study

How a Tourism Board Engaged Diverse Travelers with Curated Content Through Nativo

Nativo partnered with a tourism board to create tailor-made content aimed at fostering engagement among Black travelers

Case Study
Contextual Targeting 101

Leading Beauty Retailer Uses Nativo Predictive Audiences to Increase Performance 66%

A leading beauty retailer expands reach of holiday shoppers using Nativo Predictive Audiences