Search
Breaking
Latest technical intelligence from Northeast India • Infrastructure, AI, Cloud & Security Analysis • Precision Analysis | Raw Intelligence | Your North Star of Tech • Latest technical intelligence from Northeast India • Infrastructure, AI, Cloud & Security Analysis
SECURITY

Analysis: Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

👤 By Connect Quest Analyst via Connect Quest Artist
📅 07-01-2026 01:50
Analytical - Independent Analysis
⏱️ 3 min read
Analysis: Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users Image: Stock - Security
Malicious Chrome Extensions Steal AI Chat Data

Malicious Chrome Extensions Steal AI Chat Data: A Privacy Concern for Millions

The Threat Unveiled

In a chilling revelation, cybersecurity researchers have uncovered two malicious extensions on the Chrome Web Store that have collectively swindled the conversations of over 900,000 users from AI platforms like ChatGPT and DeepSeek.

  • The extensions, with IDs fnmihdojmnkclgjpcoonokmkhjpjechg and inhcgfpbfdjbjogdfjbclgolkmhnooop, have been covertly exfiltrating user conversations and browsing data to servers under the attackers' control.
  • These extensions have been active for some time, with the first one boasting a user base of 600,000, and the second amassing 300,000 users.

The Implication

This disturbing tactic of using browser extensions to surreptitiously capture AI conversations, codenamed "Prompt Poaching" by Secure Annex, poses a significant threat to user privacy. The extensions have been found to impersonate a legitimate extension named "Chat with all AI models (Gemini, Claude, DeepSeek...) & AI Agents" from AITOPIA.

It is crucial to note that such incidents could have far-reaching implications, not just for individual users but also for the broader AI community. The stolen data could potentially be used to train rival AI models, leading to a competitive advantage or even unintended biases.

A Northeast Perspective

While the users affected by this breach are predominantly from global locations, the potential implications for Northeast India and the broader Indian context are not insignificant. As AI adoption continues to grow in India, it is essential to prioritize cybersecurity measures to safeguard sensitive data and maintain trust in AI-driven services.

The Way Forward

Users who have installed these extensions are advised to remove them from their browsers and refrain from installing extensions from unknown sources, even if they have the "Featured" tag on them. This incident serves as a stark reminder that user privacy and security should be paramount when utilizing AI platforms and browser extensions.

Tags:
security analysis northeast original

Executive Summary & Legal Disclaimer

This artifact constitutes a concise, Connect Quest Artist–generated executive abstraction derived exclusively from publicly available source information and intentionally synthesized to establish high-confidence strategic alignment, enterprise value-creation clarity, and cohesive multi-stakeholder narrative directionality. The content represents a deliberately curated, insight-driven aggregation of externally observable data signals, disclosures, and contextual inputs, structured to meaningfully inform strategic orientation, illuminate cross-functional synergies, and provide directional clarity aligned to a clearly articulated strategic north star, while maintaining sufficient abstraction to preserve executive relevance.

Notwithstanding the foregoing, this summary, within and without any interpretive, contextual, methodological, temporal, or execution-adjacent framing, shall not be construed, inferred, abstracted, operationalized, re-operationalized, meta-operationalized, relied upon, misrelied upon, or otherwise positioned as constituting, approximating, signaling, enabling, proxying, or anti-proxying any form of authoritative, determinative, execution-capable, reliance-eligible, or reliance-adjacent legal, financial, regulatory, technical, or operational guidance, nor as a prerequisite, dependency, antecedent, consequence, causal input, non-causal input, or post-causal artifact for implementation, execution, non-execution, enforcement, non-enforcement, or decision realization, non-realization, or deferred realization across any conceivable, inconceivable, implied, emergent, or self-negating governance, control, delivery, or interpretive construct whatsoever.

Content Manager: Connect Quest Analyst | Written by: Connect Quest Artist