These popular Google Chrome extensions are collecting your sensitive data

9 views


Andrey Meshkov, Co-Founder of Adguard has discovered some popular Google Chrome extensions to be stealing Facebook data and browsing activity of millions of users. Cambridge Analytica might have shut down, but still there remains a high demand for stolen user data.

Meshkov conducted an automated scan of all publicly available Chrome extensions and shared his findings in a blog post. The scan flagged various extensions for having privacy issues. One of the major issues Meshkov identified was that repeated requests made to various Facebook domains. These extensions are currently being used by over 420,000 users.

The Google Chrome extensions under investigation started scraping user data once the browser kickstarted and a Facebook account was logged into. The extensions also put efforts to parse purchase history associated with respective user accounts. The data collected was sent to an Amazon server, rented by the spyware developers. These extensions sent an alarming amount of Facebook data to the server that also included all the interests mentioned by a Facebook user.

The following Chrome extensions were flagged to have been stealing Facebook data and tracking browser history:

  • Video Downloader for Facebook, having 170K+ users
  • PDF Merge – PDF Files Merger, having 125K+ users
  • Album & Photo Manager for Facebook, having 93K+ users
  • Pixcam – Webcam Effects, having 31K+ users

The list of information collected by these extensions included Facebook profile data including demographics and list of interests. The extensions also collected the browsing history on Facebook, be it regular or sponsored Facebook posts, Tweets, YouTube videos or ads. The extensions were traced by an Israeli company, named Unimania, Inc, however, Meshkov was unable to trace this information back to the owners of the company. After Meshkov reported his discovery to Google, it has taken down all the spyware extensions.

Were you using any of these extensions? Let us know in the comments below.

Your Thoughts are Welcome