Log4Shell Vulnerability And The Nativo Platform

Nativo is monitoring the Log4Shell vulnerability and addressing concerns.

UPDATE: Initial findings around the Log4Shell vulnerability and the Nativo Platform have determined that it’s unlikely any data was compromised. All systems have been updated to the latest log4j patch and have been rigorously tested.

On December 10, 2021, a vulnerability, dubbed Log4Shell, in the commonly used Apache Log4j library was disclosed to the public (CVE-2021-44228). Apache issued a first patch for the vulnerability, which Nativo implemented, but this update proved to be incomplete, leaving our systems vulnerable for several days until Apache issued a second update.

We found evidence of possible unauthorized access to a small number of servers during a 24-hour period occurring between the deployment of the two provided patches. The servers potentially involved were located in a separate Virtual Private Cloud that is segregated from our main system. The data stored on these servers that may have been at risk includes User Profile Records, reference data tied to a Cookie ID or Mobile Advertising ID, and transactional data from Log Records (covering 6 hours activity) describing details about a user session and ad impression, including:

  • Timestamp.
  • Cookie ID or Mobile Advertising ID (as applicable).
  • User agent (device, browser, etc.).
  • IP address.
  • Browser language.
  • Page visited.
  • Referring page.
  • Key/value records.

More information on these data types can be found in our Privacy Policy.

By the time this activity was identified, the affected servers were already shut down as part of normal operations. All servers were quickly upgraded to a newer version of Log4j and all vulnerable systems were replaced. At the moment, there are no known vulnerabilities in our systems and no new exploit attempts have been identified.

We’ll continue to monitor the issue closely. If you have any questions concerning the Log4Shell vulnerability or Nativo’s response, please send a note to privacy@nativo.com.


Resources

Deals & Packages

Reach for Gold: Nativo’s Summer Olympics Strategy

Harness the global platform of the 2024 Summer Olympics to elevate your brand's visibility

Deals & Packages

Nativo’s Playbook for Summer Sports Success

Why Your Brand Should Leverage Summer Sports

Webinar

No Cookies? No Problem! How Publishers Will Thrive in the Cookieless Era

Watch our on-demand webinar to learn cookieless targeting solutions, how to measure success, and more.