Monday August 26, 2019
Home Lead Story Chrome, Firef...

Chrome, Firefox Browser Extensions Leaked Millions of Users’ Data: Report

The security expert has suggested users to delete all browser extensions they have installed in the past

Google Chrome. Pixabay

Popular browser extensions like ad blockers have been caught harvesting personal data of millions of consumers who use Chrome and Firefox — not only their browsing histories but also exposing tax returns, medical records, credit card information and other sensitive data in the public domain.

According to an independent cyber security researcher Sam Jadali, the data has been leaked to a fee-based company called Nacho Analytics that gives unlimited access to any websites analytics data.

The data could be purchased for as little as $10 to $50, said Jadali whose report was first described in Ars Technica late on Friday.

“This non-stop flow of sensitive data over the past seven months has resulted in the publication of links to home and business surveillance videos hosted on Nest and other security services.

“Tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive,, and other online services” have been exposed, said the report.

The exposed data via eight browser extensions also include vehicle identification, numbers of recently bought automobiles, along with the names and addresses of the buyers.

Patient details, travel itineraries, Facebook Messenger attachments and Facebook photos, even private, are now available in the public domain.

Browser extensions – also known as plug-ins or add-ons – are apps that consumers can install to run alongside their browser for additional functionality.

Firefox, Logo, Mozilla
Mozilla, the maker of Open Source browser Firefox, has released a new Firefox family of logos. Pixabay

The affected extensions were apps used by millions of people, including HoverZoom, SpeakIt!, and FairShare Unlock.

“The extensions have been remotely removed or disabled in consumers’ browsers and are no longer available for download,” said both Google and Firefox.

People who didn’t download the extensions may also be affected.

“Nobody is immune to this. Even if you don’t have any harmful extensions, the other people you interact with may have an extension on their computers that could be leaking the data you share with them,” Jadali was quoted as saying.

Also Read: Researchers Develop AI-driven System to Curb ‘Deepfake’ Videos

Nacho Analytics, for example, promises to let people “see anyone’s analytics account” and to provide “real-time web analytics for any website”.

The company charges $49 per month, per domain, to monitor any of the top 5,000 most widely-trafficked websites.

The security expert has suggested users to delete all browser extensions they have installed in the past. (IANS)

Next Story

Tech Giant Apple Dials ‘Privacy 2.0′ Keeping Users’ Privacy as Top Priority

With iOS 13 that is coming this fall, Apple users will probably have another reason to smile when it comes to data privacy and security

antitrust lawsuit, apple, iphone apps
FILE - Apple's App Store app is seen in Baltimore, MD., March 19, 2018. VOA

Not so long ago, Apple refused to unlock an iPhone for the US Federal Bureau of Investigation (FBI) sleuth, solely for the reason that users’ privacy has always been its topmost priority which can never be compromised.

What makes Apple stand out in the hullabaloo over privacy — at a moment when several tech giants such as Facebook, Google, Amazon and Twitter face intense scrutiny and record penalties from the governments for compromising users’ personal information — is its proactive approach towards maintaining strong security hygiene around its device and app ecosystem.

Now, to bolster its data security efforts in India, Apple on Sunday launched an out of home (OOH) privacy campaign in Bengaluru, Gurugram and Mumbai via TV, YouTube and social media platforms.

The idea is to reach out to people in the country and make them understand how data privacy has to be at the core of their devices.

The fact is: Apple is yet to face any big controversy over users’ privacy or data violation and for the company, “the user controls the data, not the company”.

Apple which listens to both internal and external viewpoints while ringfencing users from new-age cyber criminals, has now launched “Privacy 2.0” to give users peace of mind about their data and personal space.

Be it processing data on the device so that only user can see or minimising personal data collection as it design products, Apple is challenging itself to collect as little customer data as possible.

The idea is to disassociate the user from their data.

Apple in June announced a slew of new privacy features with iOS 13, like Sign in with Apple where the user won’t need to sign into Apple devices with third-party players like Facebook or Google.

The feature rivals similar sign-ins from Facebook and Google and guards the users by Apple’s Face ID 3D login system on iPhones and iPads.

FILE – Apple Chief Executive Officer Tim Cook speaks at the Apple Worldwide Developer conference (WWDC) in San Jose, California, U.S., June 4, 2018. VOA

“Data collection is limited to the user’s name and email address, and Apple’s private email relay lets users receive email even if they prefer to keep their address private. Apple will not track users as they interact with your app,” the company said.

“All accounts are protected with two-factor authentication for superior security, and Apple will not track users’ activity in your app or website,” said Apple.

When it is necessary for data to leave your device to be processed or stored in the cloud, Apple would let you know and give you the ability to control it.

Every account using ‘Sign In with Apple’ is automatically protected with two-factor authentication. On Apple devices, users are persistently signed in and can re-authenticate anytime with Face ID or Touch ID.

“Sign In with Apple” works natively on iOS, macOS, tvOS and watchOS. It works in any browser, which means you can deploy it on your website and in versions of your apps running on other platforms.

Apple is also working on new security features to safeguard your photos and videos from hacking or third-party apps from reading your information.

Also Read: Social Media Platforms Now Weaponised, and There is NO Way Out!

“iOS 13 is twice as faster than iOS 12. The idea is to give Apple users a more agile and secure experience,” says Apple CEO Tim Cook.

With iOS 13 that is coming this fall, Apple users will probably have another reason to smile when it comes to data privacy and security.

“The Indian leg of the privacy campaign will begin from 28 July across out of home (OOH) platforms in Bengaluru, Gurugram and Mumbai, and television advertisements, besides and social media. The television ads will feature a privacy film featured on Youtube,” said a person aware of the details of the campaign. (IANS)