You can never be too complacent when it comes to using the internet. As much as you hate to think about it, a lot of online trolls love to steal data and leak data. There was a huge browser extension leak recently on two of the most famous browsers. Google Chrome and Mozilla Firefox users fell victim to one of the biggest cybersecurity crimes ever. Over 8 million users had their private information violated.
Updated on 16 December 2024
Eight browser extensions were shut down recently after a security researcher investigated it. The researcher actually discovered that they were sending the users’ private data to a marketing intelligence firm.
These extensions were reportedly able to read and copy shareable web links from users’ browser sessions. This included reports to people’s DNA testing services, personal photos found on Apple iCloud, and even tax documents shared over Microsoft OneDrive! Scary right?
According to Sam Jadali, the security researcher who was investigating this case for months, “This leak exposed personal identifiable information (PII) and corporate information (CI) on an unprecedented scale, impacting millions of individuals”.
To add, the data were immediately sent over to the marketing intelligence firm, Nacho Analytics in under an hour. This firm’s specialty is to measure traffic to different websites in order to inform their clients.
However, Nacho Analytics claims that its service is completely legal. On their site, it says, “Millions and millions of people all over the world have opted-in to anonymously share their web browsing history with us”. Still sounds fishy considering they had to go out of their way to secretly steal data.
Although a lot of browser extensions actually have privacy policies mentioning “anonymized” data collection. However, Nacho Analytics fell short on this area because they didn’t separate web links of private user information from their collection.
There were 8 browser extensions that stole over 4.1 million users’ data. This even involved both regular and business employees. Companies like Apple, Facebook, Microsoft, and Amazon also fell prey to the leak data issue.
The browser extensions, Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock, PanelMeasurement, Branded Surveys, and Panel Community Surveys, were all shut down my Firefox and Chrome.
In addition, Jadali recommends users to permanently delete and uninstall these extensions to prevent any more data leak.
As expected, the company completely denied all accusations made against them. They claimed that none of its customers have ever tried to access sensitive web link data that it had been storing.
Nacho Analytics said in a notice on the website, “This was not a hack. No private information was disclosed. No customer information (names, credit card, email, etc.) was seen or accessed”.
They even added that they would be stopping all access to any potentially sensitive data. So, as a result, they are no longer accepting new sign-ups.
While Google is taking measures to make Chrome extensions safer, you should probably consider uninstalling browser extensions that you don’t use anymore.