DataSpii

This article, DataSpii, has recently been created via the Articles for creation process. Please check to see if the reviewer has accidentally left this template after accepting the draft and take appropriate action as necessary. Reviewer tools: Inform author

DataSpii (pronounced data-spy) is a leak that compromised the private data of as many as 4 million Chrome and Firefox users via at least eight browser extensions. [1] [2] [3] The Private data included personally identifiable information (PII), corporate information (CI), and government information (GI). DataSpii impacted the Pentagon, Bank of America, Sony, Kaiser Permanente, Apple, Facebook, Microsoft, Amazon, Symantec, FireEye, Trend Micro, Boeing, SpaceX, Zoom, and Palo Alto Networks. Highly detailed information (e.g., private network topology) associated with these corporations and agencies was intercepted and sent to foreign-owned entities. The data was made publicly available via Nacho Analytics (NA), a marketing intelligence company. Both paid and trial members of NA were provided access to the leaked data. Upon signing up for NA membership, members were then provided access to the data via a Google Analytics account. DataSpii leaked un-redacted information related to medical records, tax returns, GPS location, travel itinerary, genealogy, usernames, passwords, credit cards, genetic profiles, company memos, employee tasks, API keys, proprietary source code, LAN environment, firewall access codes, proprietary secrets, operational materials, and zero-day vulnerabilities.

DataSpii was discovered and elucidated by cybersecurity researcher Sam Jadali. By requesting data for a single domain via the NA service, Jadali was able to observe what staff members at thousands of companies were working on in near real-time. The NA website stated it collects their data from millions of opt-in users. Jadali, along with journalists from Ars Technica and The Washington Post, interviewed numerous impacted users, including individuals and major corporations. [1] [2] According to the interviews, the impacted users did not consent to such collection.

1. Goodin, Dan (July 18, 2019). "My browser, the spy: How extensions slurped up browsing histories from 4M users." Ars Technica. Retrieved July 12, 2020.

2. Fowler, Geoffrey (July 18, 2019). "I found your data. It’s for sale." The Washington Post. Retrieved July 12, 2020.

3. O'Flaherty, Kate (July 19, 2019). "Data Leak Warning Issued To Millions Of Google Chrome And Firefox Users." Forbes. Retrieved July 12, 2020.

Cite error: There are <ref> tags on this page without content in them (see the help page).

This article, DataSpii, has recently been created via the Articles for creation process. Please check to see if the reviewer has accidentally left this template after accepting the draft and take appropriate action as necessary. Reviewer tools: Inform author