silversurfer
Read more below: Security researchers have discovered eight Chrome and Firefox extensions that leak user data, including personally identifiable information (PII) and corporate information (CI).
Referred to as DataSpii (pronounced data-spy), the leak was detected within the internal network environments of several Fortune 500 companies and resulted in browsing activity being sent to a service that would sell it to subscription members in near real-time, according to the "Security with Sam" blog.
Personal and corporate data accessible via said online service includes personal interests, tax returns, GPS location, travel itineraries, gender, genealogy, usernames, passwords, credit card information, genetic profiles, company memos, employee tasks, API keys, proprietary source code, LAN environment data, firewall access codes, proprietary secrets, operational material, and zero-day vulnerabilities.
The eight extensions found to engage in said behavior had a total user count of millions. They, however, state in either their terms of service, privacy policies, or descriptions that they may collect user data, either personally or non-personally identifiable.
The offending extensions include Hover Zoom (800,000 Chrome users), SpeakIt! (1.4 million Chrome users), SuperZoom (329,000 Chrome and Firefox users), SaveFrom.net Helper (around 140,000 Firefox users), FairShare Unlock (1 million Chrome and Firefox users), PanelMeasurement (500,000 Chrome users), Branded Surveys (8 Chrome users), and Panel Community Surveys (1 Chrome user).
Browser Extensions Massively Collecting User Data
www.securityweek.com
DataSpii - A global catastrophic data leak via browser extensions
User browsing activity data is being collected by invasive browser extensions and found in an online publicly accessible database.
securitywithsam.com