
Malicious Extensions Steal Your Chat Histories!

Source: Microsoft Security Blog
Tags: ChatGPT, DeepSeek, browser extensions, data theft, AI security

Basically, some bad browser add-ons are stealing your chat data from AI tools.

Quick Summary

Malicious AI extensions are stealing chat histories from users. With nearly 900,000 installs, the risk of data exposure is significant. Remove suspicious extensions and monitor your accounts closely to stay safe.

What Happened

Imagine chatting with an AI assistant, only to find out that someone is secretly listening in. Malicious AI browser extensions have been discovered that harvest chat histories and browsing data from popular platforms like ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise tenants, this campaign reveals a serious threat lurking in your browser.

These extensions, designed to look harmless, have been quietly collecting sensitive information. Users installed them thinking they were helpful tools, but instead, they became unwitting participants in a data theft operation. The implications of this breach are staggering, especially for businesses that rely on AI for sensitive communications.

Why Should You Care

You might think, "I don’t use these extensions, so I’m safe." But think again! If you or your company use AI tools, your data could still be at risk. Just like leaving your front door unlocked invites unwanted guests, installing unverified browser extensions can expose your personal and professional information to cybercriminals.

Your chat histories, passwords, and browsing habits could be compromised. This isn’t just a tech issue; it’s a personal one. If your data gets into the wrong hands, it could lead to identity theft or financial loss. Protecting your information should be a top priority.

What's Being Done

Cybersecurity experts are on high alert. They are investigating the extent of the damage and working on solutions to mitigate the risks. Here’s what you can do right now:

  • Remove any suspicious browser extensions from your devices immediately.
  • Change your passwords for any accounts that may have been accessed.
  • Monitor your accounts for unusual activity.
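
To support the first step, the following added example (not from the original article or from Microsoft) lists installed extensions whose manifests declare access to the AI chat sites named above. The hostnames in `AI_CHAT_HOSTS`, the Chromium-style directory layout and the sample manifests are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Assumption: hostnames for the AI chat sites the article names.
AI_CHAT_HOSTS = ("chatgpt.com", "chat.openai.com", "chat.deepseek.com")

def covers_ai_chat(pattern):
    """True if a match pattern lets the extension read an AI chat page."""
    if pattern == "<all_urls>":
        return True
    if not isinstance(pattern, str) or "://" not in pattern:
        return False          # API permission such as "storage", not a host
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    if host == "*":
        return True
    if host.startswith("*."):
        base = host[2:]
        return any(h == base or h.endswith("." + base) for h in AI_CHAT_HOSTS)
    return host in AI_CHAT_HOSTS

def risky_patterns(manifest):
    """Collect declared host access from MV2 and MV3 manifest fields."""
    pats = list(manifest.get("host_permissions", []))        # MV3
    pats += manifest.get("optional_host_permissions", [])
    pats += manifest.get("permissions", [])                  # MV2 mixes hosts in here
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return sorted({p for p in pats if covers_ai_chat(p)})

def audit_extensions(root):
    """Scan <root>/<extension id>/<version>/manifest.json (assumed Chromium layout)."""
    findings = []
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue          # unreadable or malformed manifest
        hits = risky_patterns(manifest) if isinstance(manifest, dict) else []
        if hits:
            findings.append((path.parent.parent.name, manifest.get("name", ""), hits))
    return findings

# Constructed sample manifests, not taken from any real extension.
SAMPLE_SIDEBAR = {"name": "AI Sidebar", "manifest_version": 3,
                  "permissions": ["storage", "tabs"],
                  "host_permissions": ["*://*.deepseek.com/*"],
                  "content_scripts": [{"matches": ["https://chatgpt.com/*"]}]}
SAMPLE_NOTES = {"name": "Notes", "manifest_version": 3,
                "permissions": ["storage"], "host_permissions": ["https://notes.example/*"]}
```

A hit means the extension is able to read those pages, not that it is malicious; the output narrows the list of extensions to review by hand.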

Experts are keeping a close eye on the situation, looking for patterns in the data stolen and how to prevent similar attacks in the future. Stay informed and vigilant to protect yourself from these evolving threats.

🔒 Pro insight: This incident underscores the importance of scrutinizing browser extensions—malicious actors are increasingly leveraging them for data exfiltration.

Original article from Microsoft Security Blog · Microsoft Defender Security Research Team
