Up to 4 million Google Chrome users may have had their personal data harvested – including photos, GPS location, genetic profiles, travel itineraries, online shopping history and credit card information.
The "catastrophic" data leak, dubbed DataSpii , involves eight browser extensions that have been covertly collecting Chrome and Firefox users' browsing activity data.
Two of these extensions – SpeakIt! and FairShare Unlock – have over a million users each.
The extensions collect highly sensitive user information from publicly accessible links that users share with family, friends, and colleagues, according to cybersecurity researcher Sam Jadali, who uncovered the leak.
These include links to Apple iCloud photos, Quickbooks invoices, 23andMe ancestry data, Nest security camera video clips, or confidential documents stored on OneDrive.
This data is then reportedly disseminated to members of an online service called Nacho Analytics, which markets itself as "God mode for the Internet" and uses the tag line "See Anyone's Analytics Account".
The data can be appropriated and exploited by anyone who subscribes to this service, according to Jadali.
In total, over 4 million users have one of these extensions installed on their browser, and tens of thousands of companies are impacted.
"Even if you did not have one of the extensions, you may not be immune to the data leak," said Jadali.
"If you or someone with whom you communicated with online had one of the invasive extensions installed on your computer, you may have been impacted by the DataSpii leak."
Google and Mozilla have disabled the browser extensions in Chrome and Forefox, claiming they breach their policies, so they are no longer available for download.
However, if you already have one installed on your browser, it may continue to harvest your data.
Source: Read Full Article