- TLC Home Home
- Discussions Discussions
- Documentation Documentation
- Knowledge Base Knowledge Base
- Education Education
- Blog Blog
- Support Desk Support Desk
08-01-2019 07:20 AM
Thanks guys for providing the perfect illustration to our Audit team regarding the importance of never allowing customer data to appear in page querystrings, for fear that it will end up in the web server logs of all third party resources requested on the page, from where it's outside of any controls our organisation might have:
https://opensecurity.global/forums/topic/65-multi-cdn-s3-bucket-leak-logs-update-fixed/
For all other users of TIQ, you may want to check this list to see if your account is on there before somebody in your cyber security team finds it first..
08-13-2019 03:25 PM - edited 08-13-2019 03:37 PM
Thank you Unknownj, we wholeheatedly agreed with your sage guidance around querystring references.
On July 31st, 2019 an independent security researcher on the internet discovered and reported a Tealium S3 bucket that contained CDN logs for a number of Tealium accounts.
We value the trust you put in us and our Services and are working tirelessly to ensure we live up to yours and our own highest expectations.
Matthew Pitta, Sr. Director - Information Security and Technology
Copyright All Rights Reserved © 2008-2023