Last updated 1 month ago
Dozens of browser extensions have been found to openly sell user data, as disclosed in their privacy policies. The affected organizations are the developers of these extensions, operating in the technology sector. The disclosure date is May 2026, though the exact discovery date is not specified. The number of records affected is not quantified in the article.
The breach method involves the sale of user data by browser extensions, which is explicitly permitted in their privacy policies. This constitutes an unauthorized access attack vector, as users' data is being collected and sold without explicit consent beyond the policy disclosure. The data compromised includes general user data, though specific types are not detailed. No threat actor is attributed.
No post-incident developments are mentioned in the article.
Dozens of browser extensions openly sell user data via privacy policy disclosures
This incident highlights the failure of browser extension developers to implement transparent data handling practices and the lack of user awareness regarding privacy policies. The technology sector must enforce stricter data governance and consent mechanisms to prevent such data sales without explicit user opt-in.
Sign in to join the discussion.
Company
Industry
Disclosed
Records Affected
Attack Vector
Industry
Attack Vector