Summary:

Tableau Online includes the feature "Admin Views," which allows authenticated site administrators to view usage, traffic, and other metadata on a given site.

 

On 23 May 2017, from 13:05 PST to 20:00 PST, site administrators could view metadata from other sites hosted on the same Tableau Online pod including: usernames (displayed as email addresses), workbook names, data source names, and view titles. Tableau Online usage statistics indicate that the potential metadata breach was limited to 36 people who logged in and used Admin Views during the outage period.

 

Data contained in the workbooks was not exposed.

 

Vulnerable Version: Tableau Online, pods 10AY and US-East-1

 

Resolution: As of 23 May 2017 20:00 PST the issue has been resolved.

No user action is required.