As you may be aware, a vulnerability was publicly announced recently relating to Apache Log4j, a common logging library widely used by companies around the world.
Our first priority was to make sure our customers’ data is protected and our environment is secure. So, when we learned of this vulnerability, our security, technical operations, and engineering teams quickly pulled together to establish a protocol for achieving our primary directive.
What Is the Log4j Vulnerability?
As reported by ArsTechnica, a zero-day vulnerability was discovered in the Apache Log4j logging library that enables attackers to take control of vulnerable servers. Log4j is widely used by companies like Apple, Twitter, and Tesla as well as the game Minecraft. The Cybersecurity & Infrastructure Security Agency (CISA) urged users to apply patches immediately to address the vulnerabilities.
What Actions Have We Taken?
At approximately 4:30pm PT on Friday, December 10, Backblaze took services offline in order to protect customer data and roll out security patches across all our systems to address the vulnerability.
12/11/2021 01:05am PT update: Systems are coming back online. While our teams work diligently to bring everything up, you may experience continued service disruptions. Thank you for your patience.
12/11/2021 02:58am PT update: Systems are back online and functioning normally. If you are experiencing any problems, please reach out to our Support Team: https://help.backblaze.com/hc/en-us/requests/new.
12/12/2021 01:50pm PT update: Our externally hosted Investor Relations site (ir.backblaze.com) is undergoing maintenance to address the Log4j vulnerability. Please reach out to email@example.com with any specific questions.
12/12/2021 05:57pm PT update: Our externally hosted Investor Relations site (ir.backblaze.com) is back online and functioning normally.
12/12/2021 08:16pm PT update: After additional testing, our externally hosted Investor Relations site still appears to be undergoing maintenance and we are redirecting it to this post. Please reach out to firstname.lastname@example.org with any specific questions in the meantime.