Update: Outbrain Security Breach
We have fully secured the network and resumed service. If you have additional questions about the incident, please do not hesitate to contact us. Any additional updates will be posted here.
In addition, we will be compiling a fuller brief on the episode to share with anyone who would like more information. If you want to receive the brief, please email email@example.com.
We apologize for the inconvenience.
We have now secured the Outbrain network verifying the integrity of our code and blocking all external access to our systems. We have also restored system settings to their state prior to the attack.
We expect to resume service in the next few hours. We will let you know when the service is fully restored.
Thank you for your patience.
Earlier today, Outbrain was the victim of a social engineering attack by the Syrian Electronic Army. Below is a description of how the attack unfolded to help others protect against similar attempts. Updates will continue to be posted to this blog.
On the evening of August 14th, a phishing email was sent to all employees at Outbrain purporting to be from Outbrain’s CEO. It led to a page asking Outbrain employees to input their credentials to see the information. Once an employee had revealed their information, the hackers were able to infiltrate our email systems and identify other credentials for accessing some of our internal systems.
At 10:23am EST SEA took responsibility for hack of a specified news organization, changing a setting through Outbrain’s admin console to label Outbrain recommendations as “Hacked by SEA.”
At 10:34am Outbrain internal staff became aware of the breach.
By 10:40am Outbrain network operations began investigating and decided to shut down all serving systems, degrade gracefully and block all external access to the system.
By 11:03am Outbrain finished turning off its service from all sites where we operate.
We are continuing to review all systems before re-initiating service.
We are aware that Outbrain was attacked earlier today and we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it’s safe to turn it back on securely. Please stayed tuned here or to our Twitter feed for updates.