It turns out, a couple of popular browsers such as Chrome and Firefox were used to get millions of consumers’ data. The hackers were using ad-blocking and other extended features for this goal. The spotted personal data not only includes their browsing history but also their tax returns, medical records, credit card information and other sensitive data stored on relevant online public services.
As an independent cybersecurity researcher SamJadali proves, the data have been leaked to a fee-based company called Nacho Analytics. The latter provides unrestricted access to analytics data from any website.
Later this week, Ars Technica took the lead in invoking a source from Jardali to report on the matter. Jardali said the data could be purchased for as little as $10 to $50. Jadaly said, ‘In the past seven months, the constant flow of these sensitive data has led to the publicization of home and business surveillance videos hosted on Nest and other security monitoring services.’
Consumers’ data that became available through the browser’s eight extended features, include car identification, the number of recently purchased cars, and the buyer’s name and address.
Patient details, travel itineraries, Facebook Messenger attachments, and Facebook photos, and even private photos are now available on these public services.
The browser’s extensions, also known as browser plug-ins or add-ons, are applications that users can install for a better web browsing experience. These extensions used by millions of people. They include HoverZoom, SpeakIt!, and FairShare Unlock.
Consumers‘ Data Leaked Through Plug-ins and Add-ons.
Both Google and Firefox said, ‘In the user’s browser, these extensions have been remotely deleted or disabled and are no longer available for download.’ However, consumers who do not download and install these extensions plugins may also be affected.
The report quoted Jadaly, ‘No one can survive. Even if you don’t have any of these harmful extension plugins installed, others who interact with you and have such extension plugins installed on their computers, and you have data shared with them, may also be leaked.”
For example, Nacho Analytics promises to ‘view anyone’s analytics account’ and provide ‘real-time web analytics’ for any website. The company charges $49 a month and can provide monitoring of any of the 5,000 most popular websites.
Jardali says that in order to prevent the disclosure of personal data, users need to delete all the browser extension plug-ins installed in the past.