Check your image processing devops pipeline: Have you cleansed away sensitive EXIF data yet?

Your creative department has finally released your marketing campaign’s hero images, and your team is excited to put them into your image processing pipeline for rendering into all the optimized image formats such as AVIF, WebP etc.

But have you checked whether any EXIF data has inadvertently leaked to the outside world? We do have a fresh example here, in which you can see that the hero image of an eCommerce site is telling the whole world that the customer has a corporate account with a stock image supplier:

as well as other details such as the GPS location of the shot. This is certainly an example of information leakage, and it can increase the risk of attacks through the supply chain.

The cure is obvious once you see the problem, and there is more than one EXIF cleanser on GitHub:

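A pipeline gate for the check described above, as an added example (not code from the original post or from any of the cleansers it mentions): it walks the JPEG segment headers and drops EXIF segments and, going slightly beyond the post, XMP and IPTC blocks, which commonly carry the same kind of metadata. The names `scrub_jpeg`, `seg` and `SAMPLE` and the sample bytes are constructed for illustration.

```python
import struct

# Metadata segments to drop: (marker, payload prefix) -> label.
METADATA = {
    (0xE1, b"Exif\x00\x00"): "EXIF",                    # APP1, EXIF incl. GPS
    (0xE1, b"http://ns.adobe.com/xap/1.0/\x00"): "XMP",  # APP1, XMP packet
    (0xED, b"Photoshop 3.0\x00"): "IPTC",               # APP13, IPTC records
}

def scrub_jpeg(data: bytes):
    """Return (cleaned_bytes, labels_of_removed_segments)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out, removed, pos = bytearray(data[:2]), [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte in front of the real marker
            pos += 1
            continue
        if marker == 0xDA:  # SOS: compressed image data follows, copy the rest
            out += data[pos:]
            return bytes(out), removed
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length  # the length field counts its own two bytes
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        payload = data[pos + 4:end]
        label = next((name for (m, prefix), name in METADATA.items()
                      if m == marker and payload.startswith(prefix)), None)
        if label:
            removed.append(label)   # drop the segment, remember what it was
        else:
            out += data[pos:end]    # keep every other segment byte for byte
        pos = end
    raise ValueError("no SOS marker found")

def seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a valid segment layout, not a decodable picture.
SAMPLE = (b"\xff\xd8"
          + seg(0xE0, b"JFIF\x00" + bytes(9))
          + seg(0xE1, b"Exif\x00\x00II*\x00\x08\x00\x00\x00\x00\x00")
          + seg(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")
          + seg(0xDA, bytes(10)) + b"\x12\x34\xff\xd9")

if __name__ == "__main__":
    print("removed:", scrub_jpeg(SAMPLE)[1])
```

Run as a gate on published assets, a non-empty second return value means metadata reached the output stage. This handles JPEG only; AVIF and WebP store metadata in their own container structures and need their own parsers.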