Several Chrome & Firefox Extensions Behind Massive Data Leak

Thinking about adding a new Chrome or Firefox extension? Well, you may want to reconsider after hearing all about the latest data leak, which affected 45 companies, including SpaceX, Amazon, Apple, and Skype. Sam Jidali, the cybersecurity researcher who identified the threat, said that the malicious extensions kept on working even after Firefox and Mozilla removed them from the store. Apparently, there are seven viral extensions, each of them engineered to steal personal data, financial info, and, yes, even things like family photos and videos.

Should I start removing Chrome & Firefox extensions?

I wouldn’t go that far, but you may want to pay extra attention when downloading and installing a browser extension. As Jidali wrote in his Proof-of-Concept paper, the malicious attack, which was dubbed DataSpii, was carried out by eight Chrome and Firefox extensions. Of course, it wouldn’t be the first time hackers have used a browser extension to grab personal data.

However, this attack seems more coordinated, and the results speak for themselves. According to Jidali’s team, the ‘spoofed’ extension managed to swindle 45 major companies, such as Apple, Walmart, Amazon, 23AndMe, and Skype.

So, is your data at risk or not? Well, if you’re using one of these extensions, there’s a high chance that your personal info might have landed on the dark web. On that note, here’s what you’ll need to look out for:

  • SuperZoom for Firefox and Chrome.
  • SpeakIt! for Chrome.
  • net Helper for Firefox.
  • PanelMeasurement for Chrome.
  • Panel Community Surveys for Chrome.
  • HoverZoom for Chrome.
  • FairShare Unlock for Firefox and Chrome.
  • Branded Surveys for Chrome.

As you can see, most of the malicious extensions revolve around surveys and quick-to-obtain metrics. Still, this is only scratching the surface. Jidali’s in-depth report detailed that the extensions are responsible for an all-out data leak which includes stuff like PIN numbers, files stored on the cloud, tax returns, medical history, addresses, names, payroll details, and much more. In one case, the hackers managed to get ahold of someone’s pics, which were stored on Apple’s iCloud.

And that’s not the worst of it; after disclosing the breach, both Firefox and Chrome removed the malicious extensions from their stores. The affected companies were also notified and corroborated Jidali’s findings. However, days after the extensions were removed, they continued to leak information as if nothing had happened.


So, what’s there to be done? Well, nothing on our part. The two companies managed to remove the malicious extensions before they could leak more data. As for the rest of the Internet community, the best possible defense would be to refrain from installing suspicious extensions. What’s your take on Jidali’s findings? Drop a comment and let me know.
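Removal from the store does not uninstall an extension that is already in a profile, so the list above is worth checking against what is actually installed. The following is an added example, not code from the article or from the researcher's report: it assumes Chrome's on-disk layout of `<extension id>/<version>/manifest.json` inside a profile's `Extensions` directory (Firefox stores add-ons differently and is not covered), and the function names and sample tree are hypothetical.

```python
import json, re, tempfile
from pathlib import Path

# Names as the article lists them; "net Helper" is kept as printed there.
FLAGGED = ["SuperZoom", "SpeakIt!", "net Helper", "PanelMeasurement", "HoverZoom",
           "Panel Community Surveys", "FairShare Unlock", "Branded Surveys"]

def norm(s):  # lowercase, drop punctuation/spaces: "Hover Zoom" == "HoverZoom"
    return re.sub(r"[^a-z0-9]", "", s.lower())

def load(path):
    try:  # tolerate a BOM; unreadable or malformed files yield None
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None

def display_name(ext_dir, manifest):
    """Resolve the manifest name, following __MSG_key__ into _locales."""
    name = str(manifest.get("name", ""))
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    locale = str(manifest.get("default_locale", "en"))
    msgs = load(ext_dir / "_locales" / locale / "messages.json") if m else None
    for key, entry in (msgs if isinstance(msgs, dict) else {}).items():
        if key.lower() == m.group(1).lower() and isinstance(entry, dict):
            return str(entry.get("message", name))  # message keys ignore case
    return name

def find_flagged(root):  # root holds <extension id>/<version>/manifest.json
    hits = []
    for mf in sorted(Path(root).glob("*/*/manifest.json")):
        manifest = load(mf)
        if isinstance(manifest, dict):
            name = display_name(mf.parent, manifest)
            if any(norm(f) in norm(name) for f in FLAGGED):
                hits.append((mf.parent.parent.name, name))
    return hits

def demo():
    """Build a constructed sample tree (fake IDs and names) and scan it."""
    rows = [("aaaa", "Hover Zoom", None), ("cccc", "Tab Notes", None),
            ("bbbb", "__MSG_appName__", "Branded Surveys")]
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, name, msg in rows:
            d = Path(tmp, ext_id, "1.0_0", "_locales", "en")
            d.mkdir(parents=True)
            (d / "messages.json").write_text(json.dumps({"appname": {"message": msg}}))
            manifest = {"name": name, "default_locale": "en"}
            (d.parents[1] / "manifest.json").write_text(json.dumps(manifest))
        return find_flagged(tmp)
```

Pass a profile's `Extensions` directory to `find_flagged` to scan a real installation. A name match is a lead to review rather than proof, since unrelated extensions can share part of a name.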

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.
