Personal Data Theft Risk in Chrome Extension Found by ScrapeSentry Tuesday 7 April 2015 PDF Print The repercussions of this could be quite major for the individuals who have downloaded the extension London, 7 April 2014 Researchers at leading anti-scraping and IT security specialists ScrapeSentry have uncovered a sinister side effect to a free app which over one million Google Chrome users have downloaded, and which potentially leaks their personal information back to a single IP address in the USA. Webpage Screenshot, which is available in the official Google Chrome Extension web store has now been downloaded by over 1.2 million users. The extension allows users to take a screen capture and store it. But hidden in it is a menacing data theft capability. Explaining how they discovered the hidden functionality, Martin Zetterlund, Founding Partner at ScrapeSentry said, “We are in the business of detecting and blocking scrapers and bots that break the terms and conditions of use of our customers’ websites. We recently identified an unusual pattern of traffic to one of our client’s sites which alerted our investigators that something was very wrong.” On further analysis, the team discovered that the Chrome extension contained malicious code that allowed for copies of all your browsing data to be sent to a server in the USA. This means that all the sensitive data visible in your page title, such as e-mail if you’re using a web e-mail service, could be sent without your knowledge to the American IP address. Cristian Mariolini, Security Analyst, at ScrapeSentry, who headed up the team that found the rogue extension concluded, “The repercussions of this could be quite major for the individuals who have downloaded the extension. What happens to the personal data and the motives for wanting it sent it to the US server is anyone’s guess, but ScrapeSentry would take an educated guess it’s not going to be good news. And of course, if it’s not stopped, the plugin may, at any given time, be updated with new malicious functionality as well. We would hope Google will look into this security breach with some urgency.” ENDS Press Information: contact: ScrapeSentryNews@gmail.com, or telephone +44 7541497172 Notes to Editors: About ScrapeSentry ScrapeSentry was founded in 2006, and was the world’s first anti-scraping solution to be developed to protect sites from the loss of Intellectual Property and from data theft. As pioneers in the field, ScrapeSentry has worked with many global businesses, such as easyJet, Ladbrokes, and Autotrader.com to protect them from scraping and all the costs, losses of data, customers and IP as well as the potential losses in the reputational damage, that scraping involves. ScrapeSentry has offices in Stockholm, Sweden London, UK and Boston USA. About Scraping: Scraping (also known as web scraping, screen scraping or data scraping) is where large amounts of data from a web site is copied manually or with a script or program. Scrapers might be copying data to populate their own site, or to pretend to be you to customers, or to ensure they price match or better. Whatever their motive and final use for your data, web scrapers are likely to be competing for your customers. Scraping can also have the unintended (or sometimes the intended) consequence of also slowing access to the scraped site and to customers being unable to complete transactions, so that they abandon the site and go elsewhere This press release was distributed by ResponseSource Press Release Wire on behalf of ScrapeSentry in the following categories: Consumer Technology, Business & Finance, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.