Now, a research report reveals that some popular browser extensions are collecting and even selling users' data, including a list of visited sites and photos that users have looked at.
Most recently, security researchers found that a number of popular extensions were harvesting user data without consent. The extensions collected not only browsing histories but also exposed tax returns, medical records, credit card information and other sensitive data to a database. The exposed data also include vehicle identification numbers of recently bought automobiles, along with the names and addresses of the buyers.
Security researcher Sam Jadali discussed the presence of some data-harvesting extensions available on the Chrome and Firefox app stores. Once installed, the extensions started tracking users' browsing and spending habits and harvesting sensitive data to sell online.
The report said,
"This non-stop flow of sensitive data over the past seven months has resulted in the publication of links to home and business surveillance videos hosted on Nest and other security services.
Tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive, Intuit.com, and other online services" have been exposed.
Reports also showed that the affected extensions, including HoverZoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, Branded Surveys, Panel Community Surveys, FairShare Unlock, and PanelMeasurement, were used by millions of people.
Google and Firefox both said,
The extensions have been remotely removed or disabled in consumers' browsers and are no longer available for download.
That's why Google is trying to make Chrome extensions safer to use. Later this year, the company is rolling out a change that'll restrict extensions from intercepting and modifying sensitive data flowing through the Chrome browser.
Mozilla is also aware of the changing security landscape and said that it has created a list of “Recommended Extensions” that are editorially vetted, security-reviewed, and monitored for safety and privacy.
A Mozilla spokesperson said,
Mozilla has blocked all of the extensions that were found to be in violation of our policies. We looked into these extensions and found them to be in violation of our Distribution Agreement and Review Policies. As a result, they have been blocked from Firefox.
If you make use of extensions on Chrome or Firefox, you'll want to make sure that your browser wasn't affected by this catastrophic data breach.