🔍 Multilevel Screening Review

On 25 December 2024 a malicious version of the Cyberhaven Chrome extension was published on the Chrome Web Store. The compromised extension automatically updated on users' browsers, allowing attackers to exfiltrate cookies, session tokens and other sensitive data. Over 400,000 users were potentially exposed to data theft. The company engaged incident response teams and removed the malicious version within 30 hours, classifying the incident as resolved.

In Cyberhaven’s case, the malicious extension affected over 400,000 users.

A phishing attack on 24 December 2024 compromised a Cyberhaven employee’s credentials, enabling attackers to publish a malicious version of the company’s Chrome extension. The malicious extension was active from 25 to 26 December 2024 and was later linked to a broader campaign that affected more than 30 other Chrome extensions and over 2.6 million users. The attack allowed exfiltration of cookies and authentication tokens from high‑value accounts such as Facebook Ads. Cyberhaven’s investigation concluded the incident and the malicious extension was removed, marking the case as resolved.

Cyberhaven, a US‑based data security organization, experienced a security breach on December 24, 2024, when a phishing attack reportedly compromised one of their employee's credentials.