Facebook Timeline Eraser Chrome Plugins Dupe Tens of Thousands of Users

Nearly 100,000 Facebook users have been duped into installing third-party Chrome plugins over the past few weeks that have access to all of their data on every Web site they visit. According to research recently conducted by security firm Barracuda Networks, the unsuspecting users were tricked into thinking the plugins could block Timeline, a new profile feature Facebook first introduced at the end of 2011.

Nearly 100,000 Facebook users have been duped into installing third-party Chrome plugins over the past few weeks that have access to all of their data on every Web site they visit. According to research recently conducted by security firm Barracuda Networks, the unsuspecting users were tricked into thinking the plugins could block Timeline, a new profile feature Facebook first introduced at the end of 2011.

There are six different Google Chrome plugins that claim to revoke Facebook’s much-maligned Timeline feature. While half of the plugins worked as expected and required access to data on Facebook.com, the other half required users to give the plugins complete access to data on all websites, including access to users’ tabs and browsing activity, Jason Ding, a research scientist at Barracud, said in a post on the company’s Internet Security blog.

While it doesn’t appear the plugins aren harvesting users’ credentials, two of the three suspicious ones try to entice Facebook users into filling out a fake survey and joining a fake Facebook event in hopes of further spreading the  plugin.

To make the situation even more confusing, those two plugins are hosted on sites run by Amazon’s Simple Storage Service (S3), which hides information about the plugins’ authors.

According to Barracuda, at the time of the blog entry’s publication, 90,184 Chrome users in total had granted the plugins access to their browsing history. While Chrome reportedly blocked access from one of the Amazon S3 URLs, it’s not too far-fetched to believe the number of scammed users may have surpassed 100,000 by now.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.