These Browser Extensions Steal and Leak Data on The Most Widely-Used Browsers

You can never be too complacent when it comes to using the internet. As much as you hate to think about it, a lot of online trolls love to steal data and leak data. There was a huge browser extension leak recently on two of the most famous browsers. Google Chrome and Mozilla Firefox users fell victim to one of the biggest cybersecurity crimes ever. Over 8 million users had their private information violated.
Updated on 16 December 2024

The Big Browser Extension Leak

Eight browser extensions were shut down recently after a security researcher investigated it. The researcher actually discovered that they were sending the users’ private data to a marketing intelligence firm.

These extensions were reportedly able to read and copy shareable web links from users’ browser sessions. This included reports to people’s DNA testing services, personal photos found on Apple iCloud, and even tax documents shared over Microsoft OneDrive! Scary right?

According to Sam Jadali, the security researcher who was investigating this case for months, “This leak exposed personal identifiable information (PII) and corporate information (CI) on an unprecedented scale, impacting millions of individuals”.

To add, the data were immediately sent over to the marketing intelligence firm, Nacho Analytics in under an hour. This firm’s specialty is to measure traffic to different websites in order to inform their clients.

However, Nacho Analytics claims that its service is completely legal. On their site, it says, “Millions and millions of people all over the world have opted-in to anonymously share their web browsing history with us”. Still sounds fishy considering they had to go out of their way to secretly steal data.

Beware of These Browser Extensions That Leak Data

Although a lot of browser extensions actually have privacy policies mentioning “anonymized” data collection. However, Nacho Analytics fell short on this area because they didn’t separate web links of private user information from their collection.

There were 8 browser extensions that stole over 4.1 million users’ data. This even involved both regular and business employees. Companies like Apple, Facebook, Microsoft, and Amazon also fell prey to the leak data issue.

The browser extensions, Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock, PanelMeasurement, Branded Surveys, and Panel Community Surveys, were all shut down my Firefox and Chrome.

In addition, Jadali recommends users to permanently delete and uninstall these extensions to prevent any more data leak.

Nacho Analytic’s Response

As expected, the company completely denied all accusations made against them. They claimed that none of its customers have ever tried to access sensitive web link data that it had been storing.

Nacho Analytics said in a notice on the website, “This was not a hack. No private information was disclosed. No customer information (names, credit card, email, etc.) was seen or accessed”.

They even added that they would be stopping all access to any potentially sensitive data. So, as a result, they are no longer accepting new sign-ups.

Always Protect Yourself from Leak Data

While Google is taking measures to make Chrome extensions safer, you should probably consider uninstalling browser extensions that you don’t use anymore.

Debra R.

Meet Debra, a gadget enthusiast and skilled Product Manager with a Bachelor's degree in Electrical Engineering. Debra's passion for gadgets and technology has been the driving force behind her journey in the tech industry. With a background in Electrical Engineering, Debra possesses a strong technical foundation, which she utilizes to provide valuable insights and well-informed gadget reviews. Her expertise allows her to dissect complex tech features and present them in a clear and accessible manner for the website's readers. As a Product Manager, Debra is dedicated to curating high-quality content that meets the needs of tech enthusiasts. She ensures that the gadget review website offers comprehensive and accurate information, making it a go-to resource for those seeking reliable insights. For any inquiries or collaboration opportunities, don't hesitate to reach out to Debra at debra@digitogy.com.

Share
Published by