Massive Chrome Extension Hack Exposes 2.6 Million Users to Data Theft – Full List Revealed

In a significant cybersecurity breach, hackers have compromised numerous Chrome browser extensions, potentially exposing millions of users to data theft. The attack, which began in mid-December, involved at least 16 extensions and affected over 600,000 users.
How the Breach Occurred
The attackers employed a phishing campaign targeting extension developers. Posing as Google Chrome Web Store Developer Support, they sent deceptive emails warning developers of policy violations and imminent removal of their extensions. These emails contained links that, when clicked, granted the attackers access to the developers' accounts. With this access, they injected malicious code into legitimate extensions, enabling the theft of cookies and user access tokens.
List of Compromised Extensions
The following extensions were identified as compromised:
- AI Assistant - ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMind AI Assistant
- Wayin AI
- VPNCity
- Internxt VPN
- Vidnoz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- Castorus
- Uvoice
- Reader Mode
- Parrot Talks
- Primus
These extensions span various functionalities, from AI assistants to VPN services, amplifying the potential impact of the breach.
Implications for Users
Users of these extensions are at risk of having their personal data, including browsing history and login credentials, stolen. The malicious code was designed to communicate with external command-and-control servers, facilitating further data exfiltration. In some cases, the compromised extensions targeted specific platforms, such as Facebook Ads accounts, aiming to intercept authentication tokens and bypass security measures like two-factor authentication.
Protecting Yourself
If you have any of the compromised extensions installed, it's crucial to take immediate action:
- Uninstall the affected extensions to prevent further data leakage.
- Change your passwords, especially for accounts accessed while the extensions were active.
- Enable two-factor authentication (2FA) on your accounts to add an extra layer of security.
- Monitor your accounts for any suspicious activity and report unauthorized access promptly.
Conclusion
This incident underscores the importance of vigilance when using browser extensions. While they can enhance functionality, extensions also pose security risks if compromised. Regularly reviewing installed extensions, verifying their legitimacy, and staying informed about potential threats are essential steps in safeguarding your online security.