Chrome extension hack overview:
- Who: Data protection company Cyberhaven confirmed it suffered a data breach during a Christmas Eve cyberattack.
- Why: The company attributed the data breach to a phishing email that was opened by an employee.
- Where: The Cyberhaven data breach affects certain consumers nationwide.
California-based data protection company Cyberhaven confirmed it suffered a “malicious” cyberattack last month as part.
Cyberhaven said police reports suggest the Chrome extension hack was part of a “wider campaign” to target Chrome extension developers across a large range of companies.
The Dec. 24 attack — which Cyberhaven said was limited in “both scope and duration” — was attributed by the company to an employee responding to a phishing email sent to try and steal their login credentials.
The data breach compromised version 24.10.4 of Cyberhaven’s chrome extension and affected Chrome-based browsers that auto updated during a period between Dec. 25 and Dec. 26, the company said.
Consumers who were running version 24.10.4 of Cyberhaven’s chrome extension are advised to verify their extension has updated to version 24.10.5 or newer, revoke/rotate all passwords that aren’t FIDOv2 and review logs for any “suspicious” activity.
Cyberhaven: Hacker targeted logins to specific social media, advertising AI platforms
Cyberhaven said initial findings suggest the attacker appeared to be targeting logins to specific social media and advertising AI platforms.
Cyberhaven said it is actively cooperating with federal law enforcement in the wake of the Chrome extension hack and that it has notified all affected and non-affected customers about the incident.
“One of Cyberhaven’s core values is maximum transparency, and we are acting with these first principles to retain the trust we have earned from our customers,” Cyberhaven CEO Howard Ting said in a blog post.
The compromised Chrome extension has also been removed from the Chrome Web Store and replaced with a secure version, according to the company.
In other recent data breach news, a consumer filed a class action lawsuit against diagnostic imaging services company Akumin late last month over claims it was responsible for an October data breach.
The consumer argues negligence by Akumin led to the data breach, which she claims exposed “vast amounts” of personally identifiable information and protected health information, including names, Social Security numbers and medical records, among other details.
Are you affected by the Chrome extension hack? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
37 thoughts onCybersecurity company Chrome extensions hacked
Please add me. I’ve been using Chrome for years & anytime I use extentions it’s always trouble.