This popular browser extension harvested and sold the AI conversations of 8 million users
- Marijan Hassan - Tech Journalist
Cybersecurity researchers from Koi Security have uncovered a massive data-harvesting operation that has been secretly collecting and selling the private conversations of over 8 million users with leading AI chatbots. The malicious activity was traced to a popular suite of browser extensions, most prominently the widely used Urban VPN Proxy.

The operation is a great example of how seemingly trustworthy software can exploit its privileged access to capture some of the most sensitive data generated online, like complete, personal conversations with AI assistants.
The Deceptive Mechanism
The investigation revealed that Urban VPN Proxy, which ironically carried Google's "Featured" badge and claims to protect user privacy, had been running an invisible operation in the background since a silent update in July 2025.
The extension targeted and intercepted traffic from at least eight major AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.
How it worked
When a user visited one of the targeted AI sites, the extension injected a tailored JavaScript "executor" script onto the page. This script overrode native browser network functions, allowing it to see the raw API traffic from both the user's prompt and the AI's response.
The collected data, which includes medical questions, financial details, proprietary code, and personal dilemmas, was packaged and exfiltrated to the servers of Urban Cyber Security Inc., which is affiliated with the data broker BiScience. The data is then sold for "marketing analytics purposes."
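Because the script replaced the page's own network functions, one check a defender can run is whether those functions are still the browser's built-ins. The sketch below is an added example, not code from Koi Security or the extension; the API list, the function names and the constructed sample page (where `Math.max` and `Math.min` stand in for browser built-ins) are assumptions made for illustration.

```javascript
// Network entry points a page-level hook would have to replace to see API traffic.
const NETWORK_APIS = [
  "fetch",
  "XMLHttpRequest.prototype.open",
  "XMLHttpRequest.prototype.send",
  "WebSocket.prototype.send",
];

// Follow a dotted path on a root object; undefined if any hop is missing.
function resolve(root, path) {
  return path.split(".").reduce((obj, key) => (obj == null ? undefined : obj[key]), root);
}

// Built-ins stringify as "function name() { [native code] }"; script-defined
// wrappers show their source. Function.prototype.toString is called directly so
// an own toString property placed on a wrapper cannot answer for it.
function isNative(fn) {
  if (typeof fn !== "function") return false;
  return /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Return the paths whose current implementation is no longer a built-in.
function findPatchedNetworkApis(scope, paths = NETWORK_APIS) {
  return paths.filter((path) => {
    const fn = resolve(scope, path);
    return fn !== undefined && !isNative(fn);
  });
}

// Constructed sample: a minimal stand-in for a page's global object.
function buildSamplePage() {
  const page = { fetch: Math.max, XMLHttpRequest: function () {}, WebSocket: function () {} };
  page.XMLHttpRequest.prototype.open = Math.min;
  page.XMLHttpRequest.prototype.send = Math.min;
  page.WebSocket.prototype.send = Math.min;
  return page;
}

// Constructed sample: a pass-through wrapper, the shape of override described above.
function wrapFetch(page) {
  const original = page.fetch;
  page.fetch = function (...args) { return original.apply(this, args); };
}

const samplePage = buildSamplePage();
wrapFetch(samplePage);
console.log(findPatchedNetworkApis(samplePage)); // [ 'fetch' ]
```

In a browser the same function can be called as `findPatchedNetworkApis(window)` from the DevTools console on the AI site's tab. A non-empty result is worth investigating, but an empty one is not proof of a clean page, since a hook can be built to stringify like a built-in.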
No Opt-Out
The harvesting functionality was enabled by default, and researchers confirmed there was no user-facing toggle to disable it. The only way to stop the data collection was to uninstall the extension entirely.
A betrayal of trust
The researchers found that seven other extensions from the same publisher, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, contained identical harvesting code, bringing the total number of affected users across Chrome and Microsoft Edge to over 8 million.
The incident highlights a critical flaw in trust: extensions, particularly those highly rated and officially "Featured," hold immense permissions, and users have no visibility into the sensitive data they are silently capturing and selling.
Anyone who used the targeted AI platforms while this extension was installed after July 2025 is advised to assume their conversations have been compromised.










