Users of popular internet browsers Google Chrome and Mozilla Firefox could have unknowingly had their historic website browsing history leaked to third-party developers, in an issue similar to the one we discussed earlier this week. These findings were shared by a well-known security researcher who discovered that a widely-used website addon for Chrome and Firefox was recording its users' interactions and storing them.
What are browser addons?
Website browser addons, otherwise known as extensions or plug-ins, have grown in popularity with the development of browsing software over the years. Google Chrome and Mozilla Firefox are two browsers that have adopted the use of such software, to the point where users will often download multiple addons without worrying too much about security. After all, surely Google and Mozilla are doing everything they can to keep data secure?
These plug-ins offer additional functionality to an internet browser that it wouldn't have otherwise had if the extension wasn't installed. This functionality might include features such as advertisement blockers, or the ability to automatically fill out a form with all your personal information at the click of a button.
What’s the rogue add-on?
The software in question is a browser extension that's designed to give users greater control over the way that webpages are displayed. In total, it has around 1.8 million downloads, meaning that vast numbers of users are already using the extension worldwide.
The specific software in question, found by researcher Robert Theaton, a software engineer located in San Francisco, is named Stylish. His findings highlighted how the software had been tracking his browser history for well over a year. Recently, the software changed hands, being acquired by a company known as SimilarWeb.
On his online blog, Robert Theaton states that, "It only takes one tracking request containing one session cookie to permanently associate a user account with a Stylish identifier. This means that Stylish and SimilarWeb still have all the data they need to connect a real-world identity to a browsing history, should they or a hacker choose to."
What this means is that the data harvested by the plugin could be used to link you to your real identity if somebody put in the time and effort. Albeit unlikely, this is a possibility if a hacker targeted the Stylish servers, as the software transmits harvested data back to the company to be stored.
What can you do?
You may have used this extension before, and it’s likely there’s nothing you can do if you’ve already been running it for months or even years. However, the likelihood that anything would be done with your personal information is reasonably slim. That said, this type of breach is becoming more and more commonplace, which is worrying. We’ve listed a couple of things you can do to help improve your security.
Use two-factor authentication
Two-factor authentication is an additional layer of security that can be implemented on many popular platforms that require a login. For example, we published some information about Google’s two-factor authentication process earlier this year. This process requires an additional code to be entered alongside your usual username and password, which is normally emailed or sent to you inside of a text message.
Protect your smartphone
When you’re out and about, you need to be careful with your smartphone. These days, your mobile device is a hive of personal information, as well as numerous connections to financial accounts and other goldmines of personal data. You can lock down your device with a complex PIN code – the more digits, the better – but you should also avoid using public Wi-Fi networks as much as possible.
Using a VPN
A Virtual Private Network (VPN) disguises your identity and location online, and it’s entirely legal to use one. In fact, these days you can even get a VPN connection set up on your mobile phone. Should you choose to use a public Wi-Fi spot for some essential browsing, then you could always use a VPN application to keep your data secure.
Hopefully, you’ve learned some tips you can use to improve your personal security. If you have any other questions about staying safe online, for you or your family, then you can get in touch with WiseGuys over the phone on 0808 123 2820.