Monday December 16, 2019
Home Lead Story Chrome, Firef...

Chrome, Firefox Browser Extensions Leaked Millions of Users’ Data: Report

The security expert has suggested users to delete all browser extensions they have installed in the past

0
//
zoutons
Google Chrome. Pixabay

Popular browser extensions like ad blockers have been caught harvesting personal data of millions of consumers who use Chrome and Firefox — not only their browsing histories but also exposing tax returns, medical records, credit card information and other sensitive data in the public domain.

According to an independent cyber security researcher Sam Jadali, the data has been leaked to a fee-based company called Nacho Analytics that gives unlimited access to any websites analytics data.

The data could be purchased for as little as $10 to $50, said Jadali whose report was first described in Ars Technica late on Friday.

“This non-stop flow of sensitive data over the past seven months has resulted in the publication of links to home and business surveillance videos hosted on Nest and other security services.

“Tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive, Intuit.com, and other online services” have been exposed, said the report.

The exposed data via eight browser extensions also include vehicle identification, numbers of recently bought automobiles, along with the names and addresses of the buyers.

Patient details, travel itineraries, Facebook Messenger attachments and Facebook photos, even private, are now available in the public domain.

Browser extensions – also known as plug-ins or add-ons – are apps that consumers can install to run alongside their browser for additional functionality.

Firefox, Logo, Mozilla
Mozilla, the maker of Open Source browser Firefox, has released a new Firefox family of logos. Pixabay

The affected extensions were apps used by millions of people, including HoverZoom, SpeakIt!, and FairShare Unlock.

“The extensions have been remotely removed or disabled in consumers’ browsers and are no longer available for download,” said both Google and Firefox.

People who didn’t download the extensions may also be affected.

“Nobody is immune to this. Even if you don’t have any harmful extensions, the other people you interact with may have an extension on their computers that could be leaking the data you share with them,” Jadali was quoted as saying.

Also Read: Researchers Develop AI-driven System to Curb ‘Deepfake’ Videos

Nacho Analytics, for example, promises to let people “see anyone’s analytics account” and to provide “real-time web analytics for any website”.

The company charges $49 per month, per domain, to monitor any of the top 5,000 most widely-trafficked websites.

The security expert has suggested users to delete all browser extensions they have installed in the past. (IANS)

Next Story

At Least 100 Developers May Have Accessed Users’ Data for Months, Reveals Facebook

According to Facebook's director of platform partnerships, Konstantinos Papamiltiadis, the new framework under their agreement with the FTC means more accountability and transparency into how it builds and maintains products

0
Social Media, Facebook, Authenticity, Posts
The social media application, Facebook is displayed on Apple's App Store, July 30, 2019. VOA

In yet another data breach, Facebook on Wednesday revealed that at least 100 app developers may have accessed Facebook users’ data for months, confirming that at least 11 partners “accessed group members’ information in the last 60 days”.

The social networking giant found that the apps — primarily social media management and video streaming apps — retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API (application programming interface).

“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” the company said in a statement.

“We’ve removed or restricted a number of our developer APIs, such as the Groups API, which provides an interface between Facebook and apps that can integrate with a group,” it added.

Facebook is facing scrutiny after personal data of 87 million users were harvested by UK-based political consulting firm Cambridge Analytica. The Federal Trade Commission (FTC) has slapped Facebook with a $5 billion fine as a result of the breach.

According to the company, the apps designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups.

Fake, News, WhatsApp, Facebook, India
The Facebook mobile app on an Android smartphone. Wikimedia Commons

“For example, if a business managed a large community consisting of many members across multiple groups, they could use a social media management app to provide customer service, including customized responses, at scale.”

“But while this access provided benefits to people and groups on Facebook, we made the decision to remove it and are following through on that approach,” said Facebook.

Also Read: Twitter India Finds Itself in the Midst of Another Caste Row

According to Facebook’s director of platform partnerships, Konstantinos Papamiltiadis, the new framework under their agreement with the FTC means more accountability and transparency into how it builds and maintains products.

“As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed. We are committed to this work and supporting the people on our platform,” said the company. (IANS)