Padlet - Log4j Vulnerability – Incident details

Log4j Vulnerability

Started over 2 years ago. Lasted 2 days.



Operational from 3:45 AM to 6:40 AM

  • Resolved

    We have since deprecated the software that used the version of Log4j that was vulnerable.

    We will mark this incident as resolved. In the meantime, we will continue our vigilance and patch or deprecate software that we believe has been affected.

  • Monitoring

    Our subprocessors have responded. They are either unaffected or have already taken measures to protect against exploitation of the Log4j vulnerability.

    Padlet had also integrated with software that used a vulnerable version of Log4j. However, the vulnerability could not have been exploited to access users' personal data. Our security team performed an incident analysis and there is no indication that user data was accessed. As a precautionary measure, as of 14 Dec 12pm UTC, we halted access to the software and will fully deprecate it in the next 24 hours.

  • Investigating

    Padlet does not use Log4j in the software we write. That being said, as Log4j is commonly used, we are in the midst of investigating software that we integrate with to determine if we are subject to the vulnerability and, if so, to evaluate the impact and patch the affected software.

    In the meantime, we are systematically going through our list of subprocessors to ascertain if they too have been impacted by the Log4j vulnerability.

    We will publish updates on our status page as soon as we have more clarity.