Midbound

Visitor deanonymization platform with pre-consent identity resolution and company-level tracking.

10 IOCs · 10 detections · 70% pre-consent · 8 sites

Vendor Risk Score: 70

How This Briefing Works

This report opens with key findings, then maps the gaps between what Midbound discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

10 detections across 8 sites · 70% pre-consent activity
CRITICAL

Pre-Consent Activity

Midbound was observed loading and executing before user consent was obtained on 70% of sites where it was detected.

GDPR · ePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gap

disclosure

HIGH
They Claim

Pending claims extraction

Observed Behavior

High Broker (40) and Counselor (65) scores indicate significant undisclosed identity sharing and consent violations. Privacy policy likely omits IP-to-company matching and cross-site visitor tracking.

Customer Impact

What This Means For You

Sales loses real-time account intelligence if Midbound is removed. Marketing cannot attribute anonymous traffic to target accounts for ABM campaigns. However, retention creates exposure: regulatory complaints for unlawful identity processing, data subject access requests revealing granular tracking, reputational harm if visitor surveillance practices become public.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Midbound

  • Implement consent gate before Midbound identity resolution activates
  • Audit firmographic data sources for lawful collection and sharing basis
  • Review Data Processing Agreement for identity graph sharing with third parties
  • Confirm privacy policy discloses IP-based company identification

If You're Evaluating Midbound

  • Defer Midbound scripts until post-consent confirmation
  • Require vendor attestation on GDPR Article 6 lawful basis for identity processing
  • Assess first-party intent signal alternatives without cross-site tracking
  • Implement visitor anonymization controls for non-consenting users

Negotiation Leverage

  • Midbound contract likely permits identity data resale or platform-wide sharing - demand explicit prohibition and customer data isolation
  • Identity graphs may persist visitor records indefinitely - negotiate retention limits aligned to sales cycle length
  • Confirm Midbound honors GDPR deletion requests and purges visitor records from identity graphs
  • Request disclosure of all firmographic data sources and third-party enrichment partners used for visitor matching

Runtime Detections

2 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C09: Consent Bypass

Ignoring CMP signals

BTI-C14: Identity Resolution

PII deanonymization

IOC Manifest

10 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

  • TRACK: *identity.mdb.tools/sync/resolve* (Tracking script)
  • TRACK: mdb.tools (Tracking script)

Ecosystem

Ecosystem & Supply Chain

Midbound integrates with CRM systems, marketing automation platforms, and ABM tools. Deanonymized visitor data feeds sales intelligence dashboards and account scoring models. Often deployed with complementary intent signals that benefit from shared identity graphs.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

10 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details