Stories

Broker sells near-real-time browsing info from unsuspecting victims

At least 8 browser extensions sold extremely sensitive data about their users to a data broker, who then sold access to that data in real time to unknown buyers, according to a report from researcher Sam Jadali.

Why it matters: The broker sold a continuously updated list of what sites users visited, including page titles, location and computer information about the user. That data, viewed in near real time, can severely hamper user privacy and security.

Details: Jadali discovered the following browser extensions feeding data to the broker: Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock, PanelMeasurement, Branded Surveys and Panel Community Surveys.

  • The extensions range in users from 1 to more than 1 million.
  • The extensions are for Chrome and FireFox, and would have received user permission to observe browsing behaviors on the web when first installed. But Jadali writes that only 4 of those extensions thoroughly explained that browser data would be collected.
  • Jadali is not releasing the name of the data broker.

Threat level: We don’t know that any data was used maliciously. But there’s a clear way that real-time data could be used maliciously.

  • Many sites use temporary links as a security measure. Jadali notes that when an infected machine sent an image file over a chat app, a web link to that image appeared on the broker's page to that image. The link only worked for a very short period of time.
  • A project management service included important information in the page titles, including engineering missteps at 2 major companies.
  • Other sites include critically important information in the web address itself. Links to various airline sites included account holder names.