Cyberhaven, a data protection company based in California, has confirmed a “malicious” cyberattack that targeted its Chrome extension, affecting users nationwide. The attack occurred on Christmas Eve and was attributed to an employee responding to a phishing email sent by hackers.
Initial findings suggest the attackers aimed to steal login credentials for specific social media and advertising AI platforms. Cyberhaven is actively cooperating with federal law enforcement and has notified all affected customers about the incident.
To mitigate the issue, users are advised to verify their extension has updated to version 24.10.5 or newer, revoke/rotate all non-FIDOv2 passwords, and review logs for suspicious activity. The compromised Chrome extension has been removed from the Chrome Web Store and replaced with a secure version.
Cyberhaven CEO Howard Ting emphasized the company’s commitment to transparency, stating that “maximum transparency” is one of its core values.
Source: https://topclassactions.com/lawsuit-settlements/lawsuit-news/google-class-action-lawsuit-and-settlement-news/cybersecurity-company-chrome-extensions-hacked