Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

Google, Firefox Browser Extensions Expose Data of 4 Million People

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

Google, Firefox Browser Extensions Expose Data of 4 Million People

Old 07-24-19, 05:10 PM
  #1  
DVD Talk Legend
Thread Starter
 
Sonic's Avatar
 
Join Date: May 1999
Posts: 17,895
Google, Firefox Browser Extensions Expose Data of 4 Million People

A MASSIVE data breach due to the addons you apply on Chrome, Firefox and other browsers:

A massive data leak was recently discovered by cybersecurity researcher Sam Jidali, revealing private information for 45 major companies and millions of individuals.

Dubbed “DataSpii” by Jidali and his team, the leak was perpetrated by innocent-looking Chrome and Firefox browser extensions that collected and distributed users’ browsing data — URLs that revealed private information about both users and a long list of companies, including Apple, Walmart, Amazon, 23AndMe, SpaceX and Skype. (The full list is included in Jidali’s report.)

The eight extensions used to carry out the leak are:

Branded Surveys (Chrome)
FairShare Unlock (Chrome and Firefox)
HoverZoom (Chrome)
Panel Community Surveys (Chrome)
PanelMeasurement (Chrome)
SaveFrom.net Helper (Firefox)
SpeakIt! (Chrome)
SuperZoom (Chrome and Firefox)

Jidali reported the tracking activity to Chrome and Mozilla, who responded by remotely disabling the add-ons and removing them from their marketplaces. However, Jidali continued to monitor the activity of these now-disabled browser add-ons, only to find that they were still tracking user data even though their main functionality was disabled.

In other words, uninstall any of the extensions listed above if you’re using any of them. While some of these extensions had fewer than 10 users, at least two had over a million, and the rest had tens-to-hundreds of thousands of users.

Each of these extensions tracked data differently and used sneaky tactics — such as waiting until 24 days after installation to begin tracking — to obfuscate the data collection process. The collected data was then sold to any interested buyers, wrapping up a process that Jidali diagrams in his full report.

Jidali also alerted companies whose information was exposed, and they were able to corroborate Jidali’s findings. Leaked data included sensitive corporate information and compromising user data such as employee names, addresses, credit card information, passwords and PIN numbers; stored cloud files; and much more — even tax returns, genetic information and medical history in some cases.

Consider the nuclear option to protect yourself against bad extensions

While impacted users have been alerted, it’s always wise to review your account activity and/or change info when a leak such as this occurs — even if your data wasn’t specifically compromised.

Going forward, there’s one piece of advice we recommend above all: Limit the number of extensions you use in your browser. Just because an extension shows up on an official marketplace doesn’t necessarily mean it’s safe.

While there are plenty of amazing and useful third-party browser extensions, there are also plenty that are looking to take advantage of you. We’re not saying use zero extensions, which would be the safest practice, but be mindful about those you do install in your browser.

Maybe you don’t need 30 extensions to do most of your work, and a barebones setup of five — from official companies you recognise — could get you through the day.

https://lifehacker.com/uninstall-the...dat-1836539093

Last edited by Sonic; 07-25-19 at 12:59 AM.
Sonic is offline  
Old 07-24-19, 07:08 PM
  #2  
DVD Talk Special Edition
 
Join Date: Sep 2012
Posts: 1,688
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

https://lifehacker.com/uninstall-the...dat-1836539093


(Non-au version seems to be less noisy).
morriscroy is offline  
Old 07-25-19, 12:19 AM
  #3  
DVD Talk Platinum Edition
 
Join Date: Oct 2003
Posts: 3,439
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

Another day, another data breach. What the fuck else is new??!!
zyzzle is offline  
Old 07-25-19, 08:35 PM
  #4  
kd5
DVD Talk Hall of Fame
 
kd5's Avatar
 
Join Date: May 2010
Location: Ohio, USA
Posts: 9,275
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

The only extensions I use with Pale Moon are Adblock Latitude and uBlock Origin. I hope they never get hacked but I suppose anything is possible these days.
kd5 is offline  
Old 07-25-19, 09:06 PM
  #5  
DVD Talk Legend
Thread Starter
 
Sonic's Avatar
 
Join Date: May 1999
Posts: 17,895
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

I've never used more than 5 extensions. Currently only using two.

But I know plenty of people that use so many. I call them addon hoarders. An addon for every little thing. So unnecessary.
Sonic is offline  
Old 07-25-19, 09:27 PM
  #6  
DVD Talk Legend
 
Nick Danger's Avatar
 
Join Date: Mar 2001
Location: Albuquerque
Posts: 22,168
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

Let's see: uBlock origin, Adblock Plus, NoScript, Search Image for Google, Video Download Helper, and Keeper. That's six. I use them all.
Nick Danger is offline  
Old 07-25-19, 10:45 PM
  #7  
DVD Talk Platinum Edition
 
Join Date: Oct 2003
Posts: 3,439
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

I only use uBlock orgin and "Disable HTML 5 autoplay", but I'm not sure of the effectiveness of the disable HTML autoplay. Nothing annoys me more than god-damn videos that autoplay, wasting MY bandwidth. Any good, more up-to-date and /or more effective disable video plugins for Google Chrome? I disable Javascript on a per-site basis.

I hate Chrome, but suffer through it. Firefox is too bloated
zyzzle is offline  
Old 07-26-19, 01:49 AM
  #8  
DVD Talk Legend
Thread Starter
 
Sonic's Avatar
 
Join Date: May 1999
Posts: 17,895
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

Originally Posted by Nick Danger View Post
Let's see: uBlock origin, Adblock Plus, NoScript, Search Image for Google, Video Download Helper, and Keeper. That's six. I use them all.
Since you're using Ublock Origin, having AdBlock Plus at the same time is a bit redundant.
Sonic is offline  
Old 07-26-19, 06:21 AM
  #9  
DVD Talk Special Edition
 
Join Date: Sep 2012
Posts: 1,688
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

Originally Posted by Sonic View Post
Since you're using Ublock Origin, having AdBlock Plus at the same time is a bit redundant.
I dropped adblockplus many years ago, after I tried out ublockorigin and found the latter was more to my liking.
morriscroy is offline  
Old 07-26-19, 06:29 AM
  #10  
DVD Talk Special Edition
 
Join Date: Sep 2012
Posts: 1,688
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

One addon I'm looking to drop eventually is httpseverywhere.

I have noticed after the snowden relevlations about the nsa in 2013, more and more websites went https over the years since.

In more recent times, I've been using the "encrypt all sites eligible" function in httpseverywhere which disallows viewing of web sites which are not encrypted. Occasionally I turn off "encrypt all sites eligible" in order to view a web site which does not use https, typically old web sites which are not maintained very well.
morriscroy is offline  
Old 07-26-19, 12:53 PM
  #11  
DVD Talk Legend
Thread Starter
 
Sonic's Avatar
 
Join Date: May 1999
Posts: 17,895
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

Originally Posted by morriscroy View Post
I dropped adblockplus many years ago, after I tried out ublockorigin and found the latter was more to my liking.
Same.
Sonic is offline  
Old 07-26-19, 01:07 PM
  #12  
DVD Talk Hero
 
Join Date: Aug 1999
Posts: 26,999
Re: Google, Firefox Browser Extensions Expose Data of 4 Million People

Thats cool with the HaveIbeenPwned integration, but they should really mandate that people using their password manager put in a master password. To my knowledge, it's not on by default, and I'm not sure how many people realize you can basically show passwords in cleartext from options.
fujishig is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.