All Vendors
data_enrichment

Cognism

Cognism is a data enrichment vendor that combines phone-verified contact data with Bombora intent signals, creating a dual-layer intelligence product where your prospecting behavior feeds a shared data ecosystem accessible to competitors.

94 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Cognism discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

4 gaps

compliance

MEDIUM
They Claim

GDPR compliant with ISO 27001, ISO 27701, SOC 2 Type II certifications

Observed Behavior

Certifications address security controls and privacy management frameworks, not the underlying legality of the legitimate interest basis for mass B2B data processing. A 2021 external critique challenged deletion request responsiveness.

accuracy

MEDIUM
They Claim

Diamond Data provides phone-verified mobile numbers

Observed Behavior

Verification is point-in-time. No public disclosure of reverification cadence, data decay rates, or what percentage of the total database carries Diamond verification versus standard unverified records.

data_provenance

HIGH
They Claim

Intent data identifies accounts actively researching your topics

Observed Behavior

70% of intent signals come from Bombora's cooperative network—the same signals available to any Bombora partner including ZoomInfo, 6sense, and TechTarget customers. No competitive differentiation in shared intent data.

pending

UNKNOWN
They Claim

Awaiting scanner verification

Observed Behavior

Runtime behavior of the browser extension, actual data collection scope, and any tracking deployed on customer-facing surfaces require direct observation to fully characterize.

Customer Impact

What This Means For You

Revenue risk centers on three dynamics. First, intent signal commoditization: because Bombora intent data is available through multiple platforms, acting on Cognism intent signals provides no first-mover advantage. Your competitors see the same surge signals and target the same accounts simultaneously, driving up outreach noise and reducing conversion rates for everyone. Second, bidirectional data exposure: the 2-Way Sync with HubSpot and similar CRM integrations means your pipeline data feeds back to Cognism. While Cognism does not explicitly market pipeline intelligence products, the architectural capability exists for aggregate pipeline data to inform their platform. Third, legitimate interest fragility: European regulatory trends are narrowing the scope of legitimate interest for commercial data processing. If a landmark ruling restricts this basis for B2B enrichment, organizations relying on Cognism-sourced data for EU outreach face immediate compliance exposure.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Cognism

  • - Audit the scope of bidirectional CRM sync permissions, particularly the HubSpot 2-Way Sync, and restrict to one-way enrichment if pipeline data exposure is a concern. - Evaluate whether Bombora intent signals provide actionable differentiation given that the same data is available to competitors through 30+ other platforms. - Request Cognism's Diamond Data reverification cadence and data decay metrics to assess contact freshness for your specific market segments. - Review the legitimate interest balancing test documentation Cognism has completed for your jurisdiction, and assess whether it adequately covers your use case. - Implement DNC list cross-referencing as a secondary check beyond Cognism's built-in scrubbing, particularly for markets where Cognism's 15-list coverage may have gaps.

Negotiation Leverage

  • Cognism's negotiation exposure centers on the Bombora dependency and bidirectional data flows. The fact that 70% of intent data comes from a shared cooperative network undermines Cognism's value proposition for intent-driven prospecting—use this to negotiate pricing that reflects the commodity nature of shared intent signals. Push for Diamond Data coverage guarantees with contractual SLAs on verification freshness and accuracy rates.
  • Demand explicit contractual restrictions on how your CRM data flowing back through bidirectional sync can be used, stored, or aggregated by Cognism. Request data processing addendums that specifically address legitimate interest as the legal basis and include indemnification for regulatory challenges to this basis. Cognism's heavy investment in GDPR compliance positioning (three certifications) gives you leverage to demand substantive compliance guarantees, not just certification references.
IOC Manifest

IOC Manifest

94 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.cognism.com/hubfs/hub_generated/module_assets/1/*/*/module_Simple_B2B_Quote_Slider.js*
Tracking script
TRACK
*www.cognism.com/hubfs/hub_generated/template_assets/1/*/*/template_main.js*
Tracking script
TRACK
*www.cognism.com/hubfs/hub_generated/module_assets/1/*/*/module_right-click-logo.js*
Tracking script
TRACK
*www.cognism.com/hs/hsstatic/content-cwv-embed/static-1.*/embed.js*
Tracking script
TRACK
*www.cognism.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js*
Tracking script
TRACK
*www.cognism.com/hs/hsstatic/HubspotToolsMenu/static-1.640/js/index.js*
Tracking script
TRACK
*www.cognism.com/hs/scriptloader/*.js*
Tracking script
TRACK
*go.cognism.com/pd.js*
Tracking script
TRACK
*go.cognism.com/analytics*
Tracking script
TRACK
www.cognism.com/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js
Auto-extracted from scan
TRACK
www.cognism.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Auto-extracted from scan
TRACK
www.cognism.com/hubfs/hub_generated/template_assets/1/67906986029/1772184203903/template_main.min.js
Auto-extracted from scan
TRACK
www.cognism.com/hubfs/hub_generated/module_assets/1/186588396898/1770717023229/module_right-click-logo.min.js
Auto-extracted from scan
TRACK
www.cognism.com/hubfs/hub_generated/module_assets/1/187982744171/1743424158846/module_Simple_B2B_Quote_Slider.min.js
Auto-extracted from scan
TRACK
www.cognism.com/hs/scriptloader/2340453.js
Auto-extracted from scan
TRACK
www.cognism.com/hs/hsstatic/HubspotToolsMenu/static-1.640/js/index.js
Auto-extracted from scan
TRACK
go.cognism.com/pd.js
Auto-extracted from scan
TRACK
go.cognism.com/analytics
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Cognism integrates natively with Salesforce, HubSpot (including a bidirectional 2-Way Sync), Pipedrive, Microsoft Dynamics 365, Outreach, Salesloft, and Bullhorn. The HubSpot 2-Way Sync is particularly significant: it creates a continuous data exchange where CRM records flow back to Cognism, not just from it. This bidirectional architecture means Cognism has ongoing visibility into your contact database state. The most consequential ecosystem relationship is the Bombora partnership. Bombora operates a cooperative data network of 5,000+ B2B websites where member sites share visitor content consumption data. This data is aggregated into Company Surge intent signals that Cognism resells. However, Bombora also supplies this same intent data to ZoomInfo, 6sense, TechTarget, Demandbase, and dozens of other platforms—meaning the intent signals your team acts on are simultaneously available to competitors using any Bombora partner. Cognism also sources data from undisclosed third-party vendors, creating supply chain opacity.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

94 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details