Unsecured S3 bucket containing TIQ CDN logs

UnknownJ
Occasional Contributor

Thanks guys for providing the perfect illustration to our Audit team regarding the importance of never allowing customer data to appear in page querystrings, for fear that it will end up in the web server logs of all third party resources requested on the page, from where it's outside of any controls our organisation might have:

https://opensecurity.global/forums/topic/65-multi-cdn-s3-bucket-leak-logs-update-fixed/

For all other users of TIQ, you may want to check this list to see if your account is on there before somebody in your cyber security team finds it first..
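An added example, not part of the original post: one way to check your own access logs for the exposure described above, where customer data in a page querystring reaches another server's logs through the Referer header. It assumes a combined-log-style layout with the Referer as the second-to-last quoted field; the parameter-name list and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed layout (combined-log style): Referer is the second-to-last quoted
# field. Real CDN log formats differ; adjust REFERER_RE to match yours.
REFERER_RE = re.compile(r'"(?P<referer>[^"]*)" "[^"]*"\s*$')
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}")
# Hypothetical list of parameter names that often carry customer data.
SENSITIVE_NAMES = {"email", "phone", "name", "dob", "postcode", "customer_id"}


def classify(name, value):
    """Return why a query parameter looks like customer data, or None."""
    if EMAIL_RE.fullmatch(value):
        return "email-shaped value"
    if name.lower() in SENSITIVE_NAMES and value:
        return "sensitive parameter name"
    return None


def find_leaky_referers(lines):
    """Return (line_no, page, param, reason) tuples; values are never echoed."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = REFERER_RE.search(line)
        if not m or m.group("referer") in ("", "-"):
            continue
        url = urlsplit(m.group("referer"))
        # parse_qsl percent-decodes, so %40 in an address becomes "@".
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reason = classify(name, value)
            if reason:
                findings.append((line_no, url.netloc + url.path, name, reason))
    return findings


# Constructed sample lines (example.com hosts, RFC 5737 addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Jul/2019:10:00:00 +0000] "GET /tag.js HTTP/1.1" 200 5120 '
    '"https://shop.example.com/checkout?step=2&email=jane.doe%40example.com" "Mozilla/5.0"',
    '192.0.2.11 - - [31/Jul/2019:10:00:01 +0000] "GET /tag.js HTTP/1.1" 200 5120 '
    '"https://www.example.com/products?category=shoes" "Mozilla/5.0"',
    '192.0.2.12 - - [31/Jul/2019:10:00:02 +0000] "GET /tag.js HTTP/1.1" 200 5120 '
    '"-" "curl/7.64.0"',
    '192.0.2.13 - - [31/Jul/2019:10:00:03 +0000] "GET /tag.js HTTP/1.1" 304 0 '
    '"https://www.example.com/account?customer_id=48213&tab=orders" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_leaky_referers(SAMPLE_LOG):
        print(finding)
```

The findings name the page and parameter only, so the report itself does not become another copy of the customer data.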


Tealium Employee

Thank you Unknownj, we wholeheartedly agreed with your sage guidance around querystring references.

On July 31st, 2019 an independent security researcher on the internet discovered and reported a Tealium S3 bucket that contained CDN logs for a number of Tealium accounts. In addition to a security-related post, the researcher reached out to us in good faith and made contact with Tealium Information Security Team directly in order to report his findings.

The S3 bucket was part of our response to internal requests to process our CDN logs relating to objects we delivered as part of the TMS service. The logs contain object requests from our CDNs for the TMS files we delivered for you.

We are disappointed that this lapse in our manual processes led to the public disclosure of our log files and have taken specific measures to ensure this will not happen again. This was a breakdown in our manual business processes and we can assure you that none of our automated security systems were breached and the security controls of our platform are not affected.

The logs disclose very limited information relating to the objects requested from our CDNs and did not disclose any UDH visitor or event data. Immediately, access to the affected bucket was removed by Tealium’s Network Operations and InfoSec Teams. This incident was caused by a process breakdown involving human-error that failed to implement our required access controls. Tealium has performed an extensive audit and has verified all S3 buckets are appropriately permissioned; and we are focusing on automation and layered controls in order to make sure this doesn’t happen again.

We value the trust you put in us and our Services and are working tirelessly to ensure we live up to yours and our own highest expectations.

Matthew Pitta, Sr. Director - Information Security and Technology
