Researcher in the field of cybersecurity Gidali Sam (Sam Jidali) recently found a huge data breach, revealing personal information of millions of people and 45 large companies. Called “DataSpii” was Jidali and his team, the leak was caused by a completely unremarkable at first glance, extensions for Chrome and Firefox, which were collected and distributed data about user activity on the network — URLS that reveal personal information about users, as well as a long list of companies including Apple, Walmart , Amazon, 23AndMe, SpaceX, Skype and many others. (Full list can be viewed in the report Jidali).
Threat to eight extensions for the browser
Here are eight extensions, used to spy on users:
- Branded Surveys (Chrome)
- FairShare Unlock (Chrome and Firefox)
- HoverZoom (Chrome)
- Community Panel Surveys (Chrome)
- PanelMeasurement (Chrome)
- SaveFrom.net Helper (Firefox)
- SpeakIt! (Chrome)
- SuperZoom (Chrome and Firefox)
The researcher reported on the detected leakage companies Chrome, and Mozilla, which said remote disabling extensions and deleting them from your specialized online shops. However, Jidali continued to monitor the activity of these disabled browser extensions, later finding that they still track user data, although their main function was disabled.
In other words, better remove any and all extensions above, if you use any of them. While some of these extensions had no more than 10 users, the other had a user base consisting of several hundreds of thousands (and sometimes over a million) people.
See also: Popular games send your data to third parties, and the developers are not even aware of
Each of these extensions was tracking the data in different ways and used their own cunning tactics — for example, is expected to 24 days after installation, and then activated and began the process of surveillance, thereby confusing the data collection process. The collected data is then sold to any interested persons, completing a process that was Gidali describes in his full report in the following infographic:
Gidali has also warned the company, whose information has also been revealed, and they were able to confirm the findings Jidali. The data leak included confidential corporate information and compromising user data, such as employee names, addresses, credit card information, passwords and PIN codes stored in the cloud, files and more — in some cases even the documents of taxation, genetic information and medical history.
As one example, here is a list of public photos iCloud that were backed up with malicious extensions, and they are all easily searchable via Google Analytics:
See also: Vulnerability in the Google Photos allowed to declassify the data of users
Certainly like to prevent such data theft
Despite the fact that all users who were affected by this situation, be warned, it is always advisable to view your account activity and/or change confidential information when there is a leak like this, even if your data has not been compromised.
Looking ahead, I will first give just one piece of advice: Limit the number of extensions that you use in your browser. That extension appears in the official store, doesn’t necessarily mean that it is safe.
While there are a lot of really useful third-party browser extensions, there are also many who just want to take advantage of you. We are not talking about how to get rid of all from all the extensions, what would be the most safe practice, but take note those that set in your browser. Maybe you don’t need 30+ extensions to do most of your work, and a simple set of five — from the official developers, which you know would with the same efficiency to help you throughout the day.
Share your opinion in the comments under this material in our Telegram chat.