stylish
Stylish browser extension exfiltrated browsing history
After SimilarWeb acquired Stylish (Chrome version in January 2017, Firefox version in March 2018), official store updates began silently exfiltrating users' complete browsing history — full URLs, Google search results, and unique tracking identifiers tied to user accounts — to api.userstyles.org. Robert Heaton publicly disclosed the behaviour on 2018-07-02 after observing the requests; Mozilla and Google removed the extension from their stores within two days. The exfiltrated data included sensitive URLs such as password reset tokens and medical record links.
- Date
- 2017-01-01 to 2018-07-04
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Browsing history exfiltration
- Cause
- Acquisition
What Was Affected
Package
stylish
Languagejavascript
ComponentExtension
Artifact typeextension package
Domain typepackage host
Domain
chromewebstore.google.com
Incident Context
- Motive
- Data collection
- Attribution
- New owner
- Transitive
- No
- User Impact
- 2000000
- Observed Duration
- 549 days
External References
Source Data
Source record: proprietary/stylish/meta.yaml