Chrome Plugins Dupe Tens of Thousands of Users on Facebook
Contributed by: Email on 09/05/2012 02:00 PM
Nearly 100,000 Facebook users have been duped into installing third-party Chrome plugins over the past few weeks that have access to all of their data on every Web site they visit. According to research recently conducted by security firm Barracuda Networks, the unsuspecting users were tricked into thinking the plugins could block Timeline, a new profile feature Facebook first introduced at the end of 2011.
There are six different Google Chrome plugins that claim to revoke Facebook's much-maligned Timeline feature. While half of the plugins worked as expected and required access to data on Facebook.com, the other half required users to give the plugins complete access to data on all websites, including access to users' tabs and browsing activity, Jason Ding, a research scientist at Barracuda, said in a post on the company's Internet Security blog.
While it doesn't appear the plugins are harvesting users' credentials, two of the three suspicious ones try to entice Facebook users into filling out a fake survey and joining a fake Facebook event in hopes of further spreading the plugin.
To make the situation even more confusing, those two plugins are hosted on sites run by Amazon's Simple Storage Service (S3), which hides information about the plugins' authors.
According to Barracuda, at the time of the blog entry's publication, 90,184 Chrome users in total had granted the plugins access to their browsing history. While Chrome reportedly blocked access from one of the Amazon S3 URLs, it's not too far-fetched to believe the number of scammed users may have surpassed 100,000 by now.
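The permission gap described above (access limited to Facebook.com versus access to all websites and tabs) is visible in an extension's manifest.json before it is installed. The Python script below is an added example, not part of the original article or Barracuda's research; the two manifests are constructed samples rather than those of the reported plugins, and `audit_manifest` and `expected_domain` are hypothetical names.

```python
import json

# Real Chrome manifest values that reach beyond a single site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"tabs", "history", "webRequest", "cookies"}

def host_of(pattern):
    """Host part of a match pattern, or None for an API permission name."""
    if "://" not in pattern:
        return None
    return pattern.split("://", 1)[1].split("/", 1)[0]

def in_scope(pattern, expected_domain):
    """True if the pattern only covers expected_domain or its subdomains."""
    host = host_of(pattern)
    if host is None:
        return False
    if host.startswith("*."):
        host = host[2:]
    return host == expected_domain or host.endswith("." + expected_domain)

def audit_manifest(manifest_text, expected_domain):
    """Return sorted (finding, permission) pairs exceeding the stated purpose."""
    manifest = json.loads(manifest_text)
    requested = list(manifest.get("permissions", []))
    requested += manifest.get("host_permissions", [])  # Manifest V3 location
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    findings = set()
    for item in requested:
        if not isinstance(item, str):
            continue
        if item in BROAD_HOSTS or host_of(item) == "*":
            findings.add(("all-sites", item))
        elif item in SENSITIVE_APIS:
            findings.add(("sensitive-api", item))
        elif host_of(item) is not None and not in_scope(item, expected_domain):
            findings.add(("out-of-scope-host", item))
    return sorted(findings)

# Constructed sample manifests (assumptions, not the plugins from the report).
SCOPED = """{"name": "Timeline remover A", "permissions": ["*://*.facebook.com/*"],
 "content_scripts": [{"matches": ["https://www.facebook.com/*"], "js": ["c.js"]}]}"""
BROAD = """{"name": "Timeline remover B",
 "permissions": ["tabs", "http://*/*", "https://*/*"],
 "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}"""

if __name__ == "__main__":
    for label, text in (("scoped", SCOPED), ("broad", BROAD)):
        print(label, audit_manifest(text, "facebook.com"))
```

An empty result means every requested permission stays within the domain the extension claims to need; any finding is a reason to review the extension before allowing it.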