Log4Shell Vulnerability And The Nativo Platform

Nativo is monitoring the Log4Shell vulnerability and addressing concerns.

UPDATE: Initial findings around the Log4Shell vulnerability and the Nativo Platform have determined that it’s unlikely any data was compromised. All systems have been updated to the latest log4j patch and have been rigorously tested.

On December 10, 2021, a vulnerability, dubbed Log4Shell, in the commonly used Apache Log4j library was disclosed to the public (CVE-2021-44228). Apache issued a first patch for the vulnerability, which Nativo implemented, but this update proved to be incomplete, leaving our systems vulnerable for several days until Apache issued a second update.

We found evidence of possible unauthorized access to a small number of servers during a 24-hour period occurring between the deployment of the two provided patches. The servers potentially involved were located in a separate Virtual Private Cloud that is segregated from our main system. The data stored on these servers that may have been at risk includes User Profile Records, reference data tied to a Cookie ID or Mobile Advertising ID, and transactional data from Log Records (covering 6 hours activity) describing details about a user session and ad impression, including:

  • Timestamp.
  • Cookie ID or Mobile Advertising ID (as applicable).
  • User agent (device, browser, etc.).
  • IP address.
  • Browser language.
  • Page visited.
  • Referring page.
  • Key/value records.

More information on these data types can be found in our Privacy Policy.

By the time this activity was identified, the affected servers were already shut down as part of normal operations. All servers were quickly upgraded to a newer version of Log4j and all vulnerable systems were replaced. At the moment, there are no known vulnerabilities in our systems and no new exploit attempts have been identified.

We’ll continue to monitor the issue closely. If you have any questions concerning the Log4Shell vulnerability or Nativo’s response, please send a note to privacy@nativo.com.


Resources

News
Advertiser
Publisher

B2B Tech Insights Report 2022

Read our Insights Report on Tech B2B outcomes and responsibilities

Webinar

Here's a Checklist on How To Translate Data Into Compelling Insights

While marketers have never had more data at their fingertips, there is a world of difference between a data point and an insight.

Advertiser

Delivering More Personalized Content in an Increasingly Context First, Cookieless World

We are living in the relationship era and the cookieless future is less fear factor, more opportunity – a chance to reinsert value and personalization into relationships.