AVG Exposes 9 Million Users’ Data with Chrome Plugin
In today’s ever-growing cyber world, consumers look to cyber security giants for 24-hour support and protection, but we are constantly reminded of the many vulnerabilities that exist even among large anti-virus software corporations. AVG’s recently added “Web TuneUp” add-on for the Google Chrome browser promised to protect users when surfing unsafe websites. However, it ended up exposing the browsing history and other personal data of 9 million users to hackers who knew how to collect the information (CNET).
Google Project Zero researcher Tavis Ormandy, who initially discovered the vulnerability (and who is also known for blindsiding Trend Micro and Kaspersky by releasing vulnerabilities in their software without prior notification), wrote in a follow-up statement that the issue has now been resolved (SC Magazine).
These types of vulnerabilities are unfortunately quite common, but there is much that can be done to prevent something like this from happening again. For starters, adding APIs that bypass Google Chrome’s security functions is a big mistake. If behavior like this is avoided in the future, and AVG and other security companies make sure to follow security protocol without taking shortcuts, the risk of a data breach will decrease. It is of utmost importance that these companies start following stricter guidelines, or vulnerabilities such as this won’t be easily avoided in the future.
It is a relief that the issue causing this breach is now fixed, but nothing can excuse the fact that millions of users had their personal data exposed. In this case, it is safe to use the add-on now, but it’s imperative that we reconsider all of the companies that we trust with our personal data.
When selecting whom we give our information to, it is important to do research on who has a better track record of maintaining strict security standards, rigorous maintenance and constant updating of software.
Other High Profile Breaches:
Experian (includes T-Mobile)
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison (follow up)