Chartbeat Blog

[Repost from 8/23] CTO Update: Phishing Attack

You saw in our CEO Tony’s post yesterday that Chartbeat was a target of a phishing attack this week. It’s my job to make sure any attempts like these aren’t successful, so it pains me to say when an attack was, to any extent. But I want you guys to understand what we learned, so you can benefit from our experiences, just as we benefitted from the swift action and transparency displayed by our peers (Outbrain, SocialFlow, and others). This week, we went from sympathizers of their experience to empathizers, and we hope that through this post and all our learnings, you can remain in the camp of the former and fully avoid the camp of the latter.

I’d like to give you as many details as I can about what security measures we had in place to protect our site and yours, what measures we immediately put in place, and what we are putting in place over the coming days. I apologize in advance if any of this seems vague. While I want to be as transparent as possible with you, we don’t want to give anyone a roadmap as to how they can access Chartbeat or your site. Know that there are many, many layers of protection beyond the high-level overview I’ve included here.

Protection we’ve had in place

Protection we immediately put in place

Protection we’re working to get in place

Those are just some of the things we’re working on and we’d love to hear your thoughts and learnings on what we could do going forward. We know this is continuous and ongoing, systematic work.

I hope this helps you to know that your sites have been and are protected, and that there are things that all of us can do to work together to build up stronger and stronger enforcements across the web.