Chrome Extension with 8 Million Users Caught Stealing AI Chats
Urban VPN and related browser extensions secretly harvest conversations from ChatGPT, Claude, Copilot, and other AI platforms, selling data to advertisers.
A popular VPN browser extension with Google's "Featured" badge has been secretly intercepting and selling users' AI chatbot conversations—including sensitive prompts to ChatGPT, Claude, Microsoft Copilot, and other major platforms. The extensions remain available on both Chrome and Edge stores despite the revelation.
The Discovery
Security researcher Idan Dardikman of Koi Security published findings on December 15, 2025, exposing a large-scale data collection operation embedded within Urban VPN Proxy and several related browser extensions.
The scope is staggering: over 8 million installations across Chrome Web Store and Microsoft Edge Add-ons are affected.
Affected Extensions
| Extension | Platform | Users |
|---|---|---|
| Urban VPN Proxy | Chrome, Edge | 6+ million |
| 1ClickVPN Proxy | Chrome, Edge | ~1 million |
| Urban Browser Guard | Chrome, Edge | ~500,000 |
| Urban Ad Blocker | Chrome, Edge | ~500,000 |
All extensions share the same backend infrastructure and data exfiltration code.
Targeted AI Platforms
The extensions specifically target conversations with eight major AI chatbots:
- ChatGPT (OpenAI)
- Claude (Anthropic)
- Microsoft Copilot
- Google Gemini
- Perplexity
- DeepSeek
- Grok (xAI)
- Meta AI
How the Attack Works
Researchers at Koi Security traced the malicious behavior to a mid-2025 software update. The extension silently activated data harvesting through hard-coded configuration changes, with no user notification or consent prompt.
The attack chain works through browser API manipulation:
- Targeted Injection: When users navigate to AI chatbot sites, the extension loads site-specific scripts designed to monitor those platforms
- Request Hijacking: These scripts intercept outgoing network requests before they reach the AI service, capturing the payload
- Full Conversation Logging: Both sides of the conversation—what users type and what the AI responds—are recorded along with session metadata
- Silent Exfiltration: Collected data streams to Urban VPN's analytics infrastructure for commercial processing
The particularly insidious aspect: there is no way to opt out. Disabling the "AI protection" features or even disconnecting the VPN does not stop the data harvesting. The only solution is complete removal of the extension.
Who Gets Your Data?
The data flows to BIScience, an affiliated advertising intelligence firm. According to researchers, BIScience uses raw (not anonymized) data to create insights that are "commercially used and shared with Business Partners."
BIScience, which also owns Urban Cyber Security Inc., was previously criticized for collecting browsing history under misleading privacy policy disclosures.
The Irony of "Privacy" Tools
The extensions market themselves as privacy and security tools. Urban VPN Proxy's Chrome listing emphasizes protecting users from "hackers and identity thieves." The extension even displays warnings about sharing sensitive information with AI chatbots—while simultaneously exfiltrating entire conversations to data brokers.
From the Koi Security report: "The harvesting feature sends that exact sensitive data—and everything else—to Urban VPN's own servers, where it's sold to advertisers. The extension warns you about sharing your email with ChatGPT while simultaneously exfiltrating your entire conversation to a data broker."
Why This Matters
People share extraordinarily sensitive information with AI chatbots:
- Proprietary business strategies and code
- Personal health questions
- Legal matters
- Financial information
- Creative works in progress
- Private thoughts and concerns
This data, now in the hands of advertising companies, could be used for targeted advertising, sold to unknown third parties, or potentially leaked in future breaches.
Immediate Actions for Users
- Check your browser extensions and remove any from the Urban Cyber Security family
- Review extension permissions for any VPN, ad blocker, or security tools
- Consider browser-based alternatives rather than extensions for VPN functionality
- Audit your AI chat history for sensitive information that may have been exposed
The Larger Problem
This incident highlights systemic issues with browser extension security:
- Google's "Featured" badge provided false trust signals
- Extension review processes failed to catch malicious behavior
- Permission models give extensions broad access that users don't fully understand
- Update mechanisms allow benign extensions to become malicious overnight
As of publication, all affected extensions remain publicly available on both Chrome and Edge stores.
Resources
Users should immediately remove these extensions and consider what sensitive information may have been exposed through AI chatbot conversations.
Related Articles
Blue Shield California Exposes Member Health Data in Portal Error
System enhancement gone wrong allowed members to view other members' names, diagnoses, and medications. The insurer is offering affected individuals credit monitoring.
Jan 7, 2026Chrome Extensions Stealing ChatGPT Chats Hit 900K Users
Two rogue browser extensions masquerading as AI tools exfiltrated complete conversation histories from ChatGPT and DeepSeek to attacker-controlled servers every 30 minutes.
Jan 9, 202617.5 Million Instagram Accounts Leaked on BreachForums
A threat actor shared Instagram user data including emails and phone numbers for free. Users report receiving suspicious password reset emails within hours of the leak.
Jan 10, 2026Hacker Selling 139GB of US Utility Engineering Data
Pickett USA breach exposes LiDAR scans, transmission line surveys, and substation layouts for Tampa Electric, Duke Energy Florida, and American Electric Power. Asking price: 6.5 BTC.
Jan 9, 2026