Technology
Chrome, Firefox browser extensions leaked millions of users' data
Washington, July 20
Popular browser extensions like ad blockers have been caught harvesting personal data of millions of consumers who use Chrome and Firefox -- not only their browsing histories but also exposing tax returns, medical records, credit card information and other sensitive data in the public domain.
According to an independent cyber security researcher Sam Jadali, the data has been leaked to a fee-based company called Nacho Analytics that gives unlimited access to any websites analytics data.
The data could be purchased for as little as $10 to $50, said Jadali whose report was first described in Ars Technica late on Friday.
"This non-stop flow of sensitive data over the past seven months has resulted in the publication of links to home and business surveillance videos hosted on Nest and other security services.
"Tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive, Intuit.com, and other online services" have been exposed, said the report.
The exposed data via eight browser extensions also include vehicle identification, numbers of recently bought automobiles, along with the names and addresses of the buyers.
Patient details, travel itineraries, Facebook Messenger attachments and Facebook photos, even private, are now available in the public domain.
Browser extensions - also known as plug-ins or add-ons - are apps that consumers can install to run alongside their browser for additional functionality.
The affected extensions were apps used by millions of people, including HoverZoom, SpeakIt!, and FairShare Unlock.
"The extensions have been remotely removed or disabled in consumers' browsers and are no longer available for download," said both Google and Firefox.
People who didn't download the extensions may also be affected.
"Nobody is immune to this. Even if you don't have any harmful extensions, the other people you interact with may have an extension on their computers that could be leaking the data you share with them," Jadali was quoted as saying.
Nacho Analytics, for example, promises to let people "see anyone's analytics account" and to provide "real-time web analytics for any website".
The company charges $49 per month, per domain, to monitor any of the top 5,000 most widely-trafficked websites.
The security expert has suggested users to delete all browser extensions they have installed in the past.
According to an independent cyber security researcher Sam Jadali, the data has been leaked to a fee-based company called Nacho Analytics that gives unlimited access to any websites analytics data.
The data could be purchased for as little as $10 to $50, said Jadali whose report was first described in Ars Technica late on Friday.
"This non-stop flow of sensitive data over the past seven months has resulted in the publication of links to home and business surveillance videos hosted on Nest and other security services.
"Tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive, Intuit.com, and other online services" have been exposed, said the report.
The exposed data via eight browser extensions also include vehicle identification, numbers of recently bought automobiles, along with the names and addresses of the buyers.
Patient details, travel itineraries, Facebook Messenger attachments and Facebook photos, even private, are now available in the public domain.
Browser extensions - also known as plug-ins or add-ons - are apps that consumers can install to run alongside their browser for additional functionality.
The affected extensions were apps used by millions of people, including HoverZoom, SpeakIt!, and FairShare Unlock.
"The extensions have been remotely removed or disabled in consumers' browsers and are no longer available for download," said both Google and Firefox.
People who didn't download the extensions may also be affected.
"Nobody is immune to this. Even if you don't have any harmful extensions, the other people you interact with may have an extension on their computers that could be leaking the data you share with them," Jadali was quoted as saying.
Nacho Analytics, for example, promises to let people "see anyone's analytics account" and to provide "real-time web analytics for any website".
The company charges $49 per month, per domain, to monitor any of the top 5,000 most widely-trafficked websites.
The security expert has suggested users to delete all browser extensions they have installed in the past.
1 hour ago
Akshara Haasan says her part in ‘Simulacra’ demanded different level of maturity from her
1 hour ago
Sonakshi Sinha warns paps not to capture inside car visuals, refuses to get inside till they stop shooting
1 hour ago
Trump says US will take over Hormuz, become its 'guardian angel'
2 hours ago
Uttar Pradesh: Case filed against American national for entering India without valid documents
2 hours ago
Trump, Netanyahu, Meloni among 13 world leaders featured on Iran's "revenge list"
2 hours ago
"Get ready for sudden death": Iran issues chilling warning after Trump ally's demise
2 hours ago
US Senator Lindsey Graham passed away due to 'aortic dissection', says preliminary medical report
3 hours ago
Houthi TV reports Saudi airstrikes on Sanaa airport
7 hours ago
Vidhatri Bandi recalls losing her father just days before filming 'Max, Min and Meowzaki': Was devastatingly numb
7 hours ago
Keanu Reeves opens up on life lesson he got from bike racing
7 hours ago
New ‘Batwara 1947’ poster symbolises hope and resilience in turbulent times
7 hours ago
Anu Malik on working with Hema Malini in ‘three films’: Those memories will always remain close to my heart
7 hours ago
Shilpa Shetty: Gratitude has always been the bedrock of my life
