Chrome Extensions Stealing ChatGPT Data Expose 900,000 Users

Are Chrome extensions secretly taking ChatGPT and DeepSeek conversations from users? What do we know so far?

As of January 2026, security researchers and independent investigations say that two Chrome extensions were found to be misusing browser permissions to gather and send AI chat data, which could affect as many as 900,000 users. Some claims about the size and purpose of the suspicious behavior are still being looked into, even though technical indicators point to it. People should see this as a serious warning that Chrome extensions can steal ChatGPT data, not as proof that all AI tools are broken.
A
A well-known cybersecurity website published a report that caused a lot of concern in the AI and browser security communities. The investigation found that two Chrome extensions with almost 900,000 users were collecting browser activity, including conversations from ChatGPT and DeepSeek sessions.

The story got around quickly. People who worked on the software, journalists, and regular users all asked the same thing. How could a simple browser add-on get into private AI chats that most people think are private?

The short answer is abuse of permissions. The longer explanation is much more uncomfortable and shows how weak browser extension security still is in 2026.
This article explains what really happened, what is known, what is still unclear, and what users and businesses should realistically do next.

Why This Story (chrome extensions stealing chatgpt data) Is Important Right Now

No longer are AI chat tools just for fun. People use them to send work emails, write legal documents, ask medical questions, review code, and plan business strategies. When Chrome extensions that steal ChatGPT data become a real problem, it affects a lot more than just casual browsing.

AI chat logs now have private business information for a lot of professionals. They may ask very personal questions of people. Spyware in browser extensions is a bigger threat than regular ad tracking because of this.

This event also shows that there is a bigger gap between what users think browser extensions do and what they actually do behind the scenes.

What were these Chrome add-ons really doing?

Researchers saw how extensions acted.
Security experts saw strange outbound network traffic coming from two Chrome extensions that said they would help users be more productive. Once installed, these extensions asked for a lot of permissions, such as:

• Reading and changing data on all websites

• Access to active tabs

• Running scripts in the background

By themselves, these permissions aren't strange. A lot of real extensions ask for the same kind of access. The issue arose when analysts tracked the flow of data.
The extensions were putting scripts into web pages that had ChatGPT and DeepSeek interfaces. These scripts kept an eye on user input fields and saved chat content before it was sent or shown.

People often call this method "data exfiltration chrome behavior."

Where the data seemed to go

Encrypted HTTP requests were used to send captured data to servers far away. Encryption kept the traffic from being looked at by people who weren't supposed to, but it didn't stop researchers from figuring out where it was going and what patterns it was following.

At the time of the report, it was not known who owned those servers, and there was no known threat actor group that owned them. This uncertainty is important and makes it hard to assign intent with confidence.

Is this a real ChatGPT data breach?

No one has confirmed that the ChatGPT or DeepSeek servers were hacked. There is no CVE given to the OpenAI or DeepSeek infrastructure that was involved in this event. The problem is really in the browser layer, though.

In simple terms, the extensions didn't hack ChatGPT. They watched people type and then copied what they saw.

This difference is important because it changes who is responsible. The risk came from bad Chrome extensions, not from problems with the AI platforms themselves.
That being said, the result feels the same from a user's point of view. Conversations that were meant to be private may have been made public.

How people misuse Chrome Extension permissions

Why do people click "Accept" without thinking?

Most people quickly add extensions. There is a pop-up. The permissions are written in small letters. The button says "Add to Chrome."

After years of safe extensions, trust comes naturally.
The issue is that people who abuse extension permissions often use vague phrases like "improve browsing experience" or "enhance productivity" to do so.

Once given, permissions let extensions do things like:

• Read the content of a page

• Change how a website works

• Record keystrokes • Keep an eye on form submissions

That includes chat windows with AI.
Why checks on the Chrome Web Store aren't enough
Google does check extensions for malware that it already knows about. But a lot of unsafe browser add-ons pass the first review because they don't cause any problems at first.

Some extensions turn on harmful features weeks after they are installed. Some of them get scripts from remote servers after installation, which changes how they work without updating the extension package.
Over the past five years, this tactic has been used in many cases of Chrome extension malware.

DeepSeek Chat Data Leak Worries Explained

Is it safe to use DeepSeek?
"Is DeepSeek safe?" is one of the most popular questions right now.
There is no proof that DeepSeek itself leaked data, at least not based on the evidence we have. The leak that is thought to have happened happened in the browser, not in DeepSeek's systems.

But DeepSeek users may be at greater risk because many of them use third-party browser tools to improve or combine AI workflows.
When you add untrusted extensions to any AI chat platform, it becomes less safe.

Why people might want to target DeepSeek users

DeepSeek quickly became popular with researchers and developers. That group of people often installs experimental tools and plugins.
People who make threats know this. Spyware that comes with browser extensions often goes after power users who install more add-ons than most people.

How far-reaching was the effect?

The number of users is about 900,000.
The number that was reported is the total number of extension installs that were visible in the Chrome Web Store at the time of discovery.

This doesn't mean that all 900,000 users lost their data. It means they added extensions that could do that.
Experts in security think that the actual data exposure probably varied based on:

• If users actively used ChatGPT or DeepSeek

• If the extension was turned on

• How long the extension stayed installed

We don't know exactly how many people were affected because there are no public server logs.

AI chat data theft works

User opens ChatGPT or DeepSeek.

↓

The browser extension runs a script that watches

↓
The user types a message in chat, and the script picks it up.

↓

Data sent to a server outside of the network

↓
The user gets a normal AI response.

The user never sees anything strange.

Signs that a Chrome extension is bad: behavioral red flags

A lot of people want to know, "How can I tell if an extension is spying on me?"
Some common warning signs are the extension asking for access to all websites without a clear reason, there being a lot of background network activity, the browser slowing down after installation, and the extension updating without any visible changes to its features.

None of these thingsprovese that someone is trying to do something bad, but they do make you worry.

Permissions that could be dangerous to look out for
From a security point of view, the most dangerous permissions are:

• Read and change all of your data on websites you visit

• Access tabs and browsing activity

• Run in the background all the time

When these permissions are misused, they let spyware into browser extensions.

How to safely get rid of bad Chrome extensions

Guide to removing step by step

1. Go to Chrome settings.
2. Go to Extensions.
3. First, turn off any extensions that look suspicious. 4. Get rid of them completely.
5. Close and reopen the browser.
6. Change the passwords for accounts that are important to you.

This is especially important if you think that Chrome extensions are stealing ChatGPT data.

Most people forget what to do after the removal steps.
A lot of people stop after they uninstall. That isn't enough.

If you use AI tools at work, you should think about:

• Reviewing any sensitive prompts you shared

• Telling your IT or security team

• Changing your API keys if you used them in chats

Effects on businesses and companies

Why businesses should care

More and more, employees are using AI tools without getting permission first. This event shows how the risk of AI chat privacy can sneak into business settings.
A single employee installing a malicious extension can put at risk:

• Client data

Internal strategies

• Source code snippets

• Legal drafts

This makes a personal choice of browser a business risk.

Enterprise AI data security holes

Most businesses work on making AI platforms safe, not browsers.
But browser extensions don't work with traditional endpoint monitoring. That makes them great for attacks that use extensions.

What the industry is saying and what experts think

A number of cybersecurity experts were careful about the first claims. Many people agreed with the technical findings but stressed the need for proof of intent and data use.
This balanced response is important. Making claims too big can make people panic. Users are at risk if you downplay them.
The most reasonable thing to take away is that Chrome extension data theft is still a real threat that isn't being regulated enough.

Questions that are often asked

Can people who use Chrome read my ChatGPT messages?
Yes, if they have permission to read webpage content, extensions can technically get into chat interfaces and record text.

Is it safe to use DeepSeek right now?
There is no proof that DeepSeek has a security hole. Third-party browser extensions are the main source of risk.

How can I tell if an extension is watching me?
Check permissions, keep an eye on how your browser works, and get rid of extensions you don't need anymore.

Do people keep an eye on or save AI chats?
AI platforms might keep chats for better performance or to follow the rules. Monitoring based on extensions is separate and often not allowed.

Final Thoughts

This event is less about two specific extensions and more about a broken model of trust.

We think of browser extensions as helpful tools that don't hurt us. In reality, they are between us and the internet, quietly watching everything. The rise of AI chat tools has made things more serious. Conversations that used to be spoken out loud are now written down. That makes them easy to steal and hard to notice when they are. It's easy to learn the real lesson. If an extension doesn't make it clear why it needs access, it probably doesn't need it.

It's no longer a choice to be careful with extensions. In the age of AI, it's part of basic digital hygiene.

 You can also read these important cybersecurity news articles on our website. 

·       Chrome Warning,

·       Chrome Problem,

·       Chrome Update,

For more Please visit our Homepage and follow us on X (Twitter) and LinkedIn for more cybersecurity news and updates. Stay connected on YouTube, Facebook, and Instagram as well. At Hoplon Infosec, we’re committed to securing your digital world.