The personal information of more than 4 million people turns out to have been leaked through Chrome and Firefox extensions and sold online
Cybersecurity researcher
DataSpii: A global catastrophic data leak via browser extensions
https://securitywithsam.com/2019/07/7 dataspii-leak-via-browser-extensions /
My browser, the spy: How extensions slurped up browsing histories from 4M users | Ars Technica
https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dish-private-data-from-apple-tesla-blue-origin-and-4m-people/
DataSpii is a catastrophic data leak that occurred through eight Chrome and Firefox extensions, and the personally identifiable information (PII) of millions of people is believed to have been leaked. The information collected by the extensions reportedly included not only browsing history, but also GPS location information, credit card information, online shopping history, cloud services and their data, tax forms, genealogy, genetic information, Facebook photos, vehicle identification numbers and more. This information was published on the site of a web analytics company called Nacho Analytics, as a service called 'See Anyone's Analytics Account'.
The following screen is a list of Apple iCloud URL links among the published information. iCloud can generate a unique, publicly accessible link through which photos can be viewed and downloaded. The link may expose not only the photo but also the iCloud user's first and last name.
Not only individuals but also companies were affected by the leak: employee attendance information, private LAN structures, personal information on cloud platforms, surveillance camera footage and so on were also exposed on Nacho Analytics. For example, the screen below shows passengers' surnames and boarding dates leaked as URLs for Southwest Airlines, United Airlines, and American Airlines. Southwest Airlines has already been revising its system in response to the DataSpii leak.
In addition, the URL path when a company purchases an
In fact, when Mr. Jadali experimentally leaked personal information through the extensions and monitored web traffic to a specific domain, access from a third party was reportedly confirmed. The issue was reported to Google and Mozilla, and the problematic extensions were immediately disabled remotely and their distribution was also stopped.
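The kind of monitoring described above can be done with canary URLs: unguessable links that are opened only in the browser under test, so any later request from elsewhere means the URL was passed on. The following is an added example, not code from the researcher or the original article; it assumes a domain you control (`canary.example`, hypothetical), web server logs in combined log format, and constructed sample log lines.

```python
import re
import secrets
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumption: canary.example is a domain you control and log; names here are hypothetical.
CANARY_BASE = "https://canary.example/c/"

def make_canary(label):
    """Create an unguessable URL that is visited once, only in the browser under test."""
    token = secrets.token_urlsafe(16)
    return token, f"{CANARY_BASE}{token}?src={label}"

# Combined-log-format fields needed here: client IP, timestamp, request path, user agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
TOKEN_RE = re.compile(r"^/c/([A-Za-z0-9_-]+)")

def third_party_hits(log_lines, tokens, own_networks):
    """Return canary requests that did not come from the tester's own networks."""
    nets = [ip_network(n) for n in own_networks]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        t = TOKEN_RE.match(m["path"]) if m else None
        if not t or t.group(1) not in tokens:
            continue  # not a request for one of our canary URLs
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP literal
        if any(ip in n for n in nets):
            continue  # the tester's own visit
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits.append({"token": t.group(1), "ip": str(ip), "time": when, "ua": m["ua"]})
    return hits

# Constructed sample data: documentation IP ranges, made-up tokens and user agents.
SAMPLE_TOKENS = {"tok-constructed-AAAA", "tok-constructed-BBBB"}
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jul/2019:10:00:00 +0000] "GET /c/tok-constructed-AAAA?src=ext1 HTTP/1.1" 200 512 "-" "TestBrowser/1.0"',
    '203.0.113.77 - - [20/Jul/2019:13:42:10 +0000] "GET /c/tok-constructed-AAAA?src=ext1 HTTP/1.1" 200 512 "-" "UnknownFetcher/0.1"',
    '203.0.113.77 - - [20/Jul/2019:13:42:11 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "UnknownFetcher/0.1"',
]

if __name__ == "__main__":
    for hit in third_party_hits(SAMPLE_LOG, SAMPLE_TOKENS, ["192.0.2.0/24"]):
        print(hit["time"].isoformat(), hit["ip"], hit["token"], hit["ua"])
```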
The following extensions are related to DataSpii. Jadali said that anyone using them should not only uninstall them, but also restrict access to shareable links and remove personal information from metadata.
Extension | Browser | Number of affected users |
Hover Zoom | Chrome | Over 800,000 people |
SpeakIt! | Chrome | Approximately 1.4 million people |
SuperZoom | Chrome · Firefox | More than 329,000 |
SaveFrom.net Helper | Firefox | Up to 140,000 people |
FairShare Unlock | Chrome · Firefox | Over 1 million people |
PanelMeasurement | Chrome | Over 500,000 people |
Branded Surveys | Chrome | 8 people |
Panel Community Surveys | Chrome | 1 person |
In addition, Nacho Analytics had previously advertised itself as offering 'real-time web analytics for any website' that is '100% legally compliant' and fully compliant with Google's Terms of Service and the EU General Data Protection Regulation (GDPR). Nacho Analytics appears to have made similar claims in a promotional video on YouTube, but the video seems to have been deleted soon after Ars Technica published its article about DataSpii.