A massive data leak was recently discovered by cybersecurity researcher
Sam Jidali, revealing private information for 45 major companies and millions of individuals. Dubbed “DataSpii” by Jidali and his team, the leak was perpetrated by innocent-looking Chrome and Firefox browser extensions that collected and distributed users’ browsing data—URLs that revealed private information about users and a long list of companies, including Apple, Walmart, Amazon, 23AndMe, SpaceX, Skype, and many more. (The
full list is included in Jidali’s report.)
The eight extensions used to carry out the leak are:
- Branded Surveys (Chrome)
- FairShare Unlock (Chrome and Firefox)
- HoverZoom (Chrome)
- Panel Community Surveys (Chrome)
- PanelMeasurement (Chrome
- SaveFrom.net Helper (Firefox)
- SpeakIt! (Chrome)
- SuperZoom (Chrome and Firefox)
Jidali reported the tracking activity to Chrome and Mozilla, who responded by remotely disabling the add-ons and removing them from their marketplaces. However, Jidali continued to monitor the activity of these now-disabled browser add-ons, only to find that they were still tracking user data even though their main functionality was disabled.
In other words,
uninstall any of the extensions listed above if you’re using any of them. While some of these extensions had fewer than 10 users, at least two had over a million, and the rest had tens-to-hundreds of thousands of users.