Chrome and Firefox extensions are quite popular. Also known as plug-ins or add-ons, the extensions are apps that users can install to run alongside their browser that provides a handy little shortcut to apps or tasks that usually take a lot of clicks and people are used to them. But a recent report might affect the use of extensions. Cybersecurity researcher Sam Jadali has claimed that extensions like ad blockers collect user data of millions of users, which includes browsing the history, tax returns, credit card information, medical records, and other sensitive data which is in the public domain.
Sam Jadali has confirmed that the data has been leaked to a company called Nacho Analytics that gives unlimited access to any websites analytics data. It is a fee-based firm. His reports have mentioned that the data could be purchased for a measly amount of $5 to $50. Amongst the data leaked, some are the numbers of recently bought automobiles, vehicle identification with the names and addresses of the buyers.
The report said, “This non-stop flow of sensitive data over the past seven months has resulted in the publication of links to home and business surveillance videos hosted on Nest and other security services. Tax returns, billing invoices, business documents, and presentation slides posted to or hosted on, Microsoft OneDrive, Intuit.com, and other online services have been exposed.”
The affected extensions include FairShare Unlock., HoverZoom, and SpeakIt! People who did not download these extensions could also be affected. Google and Firefox said, “The extensions have been remotely removed or disabled in consumers’ browsers and are no longer available for download.”
Nacho Analytics lets its users ‘see anyone’s analytics account’ and promise to provide ‘real-time web analytics for any website’. It charges $49 (approximately ₹2,900) per month to monitor widely-trafficked websites, generally some top 500 websites.
Sam Jadali said, “Nobody is immune to this. Even if you don’t have any harmful extensions, the other people you interact with may have an extension on their computers that could be leaking the data you share with them.” He advised users to delete all the extensions installed in the past.