The result of this leak was a personal data report of about 4 million people and information from 45 large Companies. Personal information resulted in a service called Nacho Analytics. The researchers named these extensions of Chrome and Firefox, «DataSpii ».
What kind of data leaked?
According to the researchers, the extensions gathered and displayed browsing data, such as URLs, revealing user personal information and a large catalog of large company data such as Apple, Walmart, the Amazon, 23AndMe, SpaceX, Skype, etc.
Among the sensitive personal data gathered by the DataSpii extensions were: tax returns, GPS locations, cloud services and data, attached files, credit card details, genetic profiles, history of online shopping, and medical archives.
Business data gathered from extensions includes real-time employee activity, private network structure, links built into a LAN website, API keys, source code, passwords and zero-day vulnerabilities.
What are the extensions that stole the data?
Chrome and Firefox users are the ones most affected by this leak. However, and users other Chromium-based browsers such as Opera may have been in jeopardy.
Extensions that have stolen user data are as follows:
- Branded Surveys (Chrome)
- FairShare Unlock (Chrome and Firefox)
- HoverZoom (Chrome)
- Community Surveys Panel (Chrome)
- PanelMeasurement (Chrome)
- net Helper (Firefox)
- SpeakIt! (Chrome)
- SuperZoom (Chrome and Firefox)
What steps did the Commission take? Google and Mozilla;
When the leak was known, Google and Mozilla removed or disabled extensions from users' browsers. Furthermore, are no longer available for download.
If you still see the above extensions in program your browsing experience, you can remove them yourself "by hand".