Friday, November 21, 2008

Security Breach in Outbrain?

Recently, I installed the Outbrain rating widget on my blog. Outbrain is a great tool that enables readers to rate each of your posts, and suggests relevant posts to them depending on their rating history. I'll write more about Outbrain in one of my upcoming posts, as it is one of my favorite widgets. But as I discovered today, Outbrain still has its flaws - and today I think I found a serious one.


Earlier today, when I checked entrances to my blog using my FEEDJIT widget, I saw I got an entrance from a URL in the Outbrain domain (www.outbrain.com). When I clicked that URL (as I often do, curious to see who's referring to my blog), I saw that it was actually some kind of testing website of Outbrain, containing information about blogs that recently installed, updated, or uninstalled the Outbrain widget. Nothing extraordinary so far... However, by further browsing in the page, I found out that the site also contains some personal information, like registered users' e-mail addresses, or statistics which I think should remain only with the registered user, like how many Outbrain clicks he got so far...


I won't expose the specific URL I'm talking about here, as I don't want to increase the potential damage from this security breach. I will however share a partial screenshot of the mentioned site (blacking out all personal data, of course).


On discovering this issue, I immediately contacted Outbrain's CEO and one of their support employees (with whom I'm familiar from previous support sessions). Past experience has shown me that Outbrain's response is usually prompt and efficient, and this was also the case now - after approx. two minutes I got a response from the CEO, saying they're looking into the matter ASAP. I'll update this blog once I get an official response from them.



Update: The issue described above was quickly solved after I reported it to Outbrain, and I got a reply from them confirming it. Please find more information in the following post.

2 comments:

Anonymous November 22, 2008 at 6:13 AM  

Hey - I'm Outbrain's CEO. Thanks for catching our glitch and notifying us about it. The report included details of a few of our installs yesterday, and did NOT include any other emails or any other personal information beyond that.
We've promptly fixed the glitch and apologize for it.

Thanks again for catching this and posting about it!

Yaron Galai (Outbrain's CEO)

Blogger October 9, 2016 at 4:05 PM  

If you're looking for an excellent contextual advertising network, I suggest you take a look at Propeller Ads.
