Security researchers at Security with Sam recently released an extensive report on DataSpii, which refers to a “catastrophic data leak” affecting millions of users that have installed one or multiple leaky browser extensions. The researchers found a total of 8 extensions available for Chrome and Firefox that leak personally identifiable information (PII) and corporate information (CI).
The extensions send the leaked data to a service that sells it to its subscribers. The leaked data includes highly sensitive data such as login credentials, credit card information, tax returns, GPS location information, API keys, firewall access codes, proprietary secrets and zero-day vulnerabilities.
The malicious extensions are Hover Zoom (800,000 Chrome users), SpeakIt! (1.4 million Chrome users), SuperZoom (329,000 Chrome and Firefox users), SaveFrom.net Helper (140,000 Firefox users), FairShare Unlock (1 million Chrome and Firefox users), PanelMeasurement (500,000 Chrome users), Branded Surveys (8 Chrome users), and Panel Community Surveys (1 Chrome user).
Read more: Browser Extensions Massively Collecting User Data