Information about the Log4j issue.
Incident Report for Lookback
Resolved
This incident has been resolved.
Posted Jan 06, 2022 - 02:45 PST
Update
AWS has confirmed that the services we rely on were not vulnerable to attacks due to Log4j.
Posted Dec 17, 2021 - 00:19 PST
Monitoring
Log4j is a Java-based logging utility found in a wide number of software products.

The CVE-2021-44228 vulnerability (aka the “Log4Shell” vulnerability) was disclosed by the Apache Log4j project. If exploited, this vulnerability could potentially allow a remote attacker to execute code on the server.

We don't use Java in our systems and as such have no dependencies on Log4j. The one exception to this is our Android app, Participate, which does not use Log4j.

Our database providers are not affected. We rely on AWS as our datacenter and some of their systems may have been vulnerable in a way that affects us. We are investigating that further.

We continue to monitor the situation.
Posted Dec 14, 2021 - 03:16 PST