Apr 072015
 
 April 7, 2015  Breaches

If you’re outside the U.S. and using the extension identified below, your data may be going to the U.S. Where in the U.S. they don’t tell us, so it’s hard to evaluate what’s going on, but if your data shouldn’t be going to the U.S., you may want to read this press release from ScrapeSentry:

Researchers at leading anti-scraping and IT security specialists ScrapeSentry have uncovered a sinister side effect to a free app which over one million Google Chrome users have downloaded, and which potentially leaks their personal information back to a single IP address in the USA.

Webpage Screenshot, which is available in the official Google Chrome Extension web store has now been downloaded by over 1.2 million users. The extension allows users to take a screen capture and store it. But hidden in it is a menacing data theft capability.

Explaining how they discovered the hidden functionality, Martin Zetterlund, Founding Partner at ScrapeSentry said, “We are in the business of detecting and blocking scrapers and bots that break the terms and conditions of use of our customers’ websites. We recently identified an unusual pattern of traffic to one of our client’s sites which alerted our investigators that something was very wrong.”

On further analysis, the team discovered that the Chrome extension contained malicious code that allowed for copies of all your browsing data to be sent to a server in the USA. This means that all the sensitive data visible in your page title, such as e-mail if you’re using a web e-mail service, could be sent without your knowledge to the American IP address.

Cristian Mariolini, Security Analyst, at ScrapeSentry, who headed up the team that found the rogue extension concluded, “The repercussions of this could be quite major for the individuals who have downloaded the extension. What happens to the personal data and the motives for wanting it sent it to the US server is anyone’s guess, but ScrapeSentry would take an educated guess it’s not going to be good news. And of course, if it’s not stopped, the plugin may, at any given time, be updated with new malicious functionality as well. We would hope Google will look into this security breach with some urgency.”