Urban VPN Proxy AI chat data leak
Data Leak
Summary
Hide ▲
Show ▼
The Urban VPN Proxy browser extension was updated on July 9, 2025 to silently exfiltrate AI chat prompts and responses, exposing conversation data from millions of Chrome and Edge users. The collection covered chats with ChatGPT, Claude, Copilot, DeepSeek, Gemini, Grok, Meta AI, and Perplexity. It routed the captured material to analytics.urban-vpn[.]com and stats.urban-vpn[.]com. The leak also included conversation identifiers, timestamps, session metadata, and model details, widening the privacy impact beyond prompt text alone.
Related Happenings
Chrome extension PUP distribution network with fake organic traffic
Malware Activity
H score18
First: 15.06.2026 14:07
Last: 15.06.2026 14:07
Sources 1
About this happening:
A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...
Chrome extension PUP distribution network with fake organic traffic
Malware ActivityAbout this happening: A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Trend
H score76
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
TrendAbout this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
H score66
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector ActionAbout this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
APT28 FrostArmada DNS hijacking and AitM credential theft campaign
Campaign
H score45
First: 07.04.2026 18:51
Last: 07.04.2026 18:51
Sources 1
About this happening:
A multinational disruption effort has taken down **FrostArmada**, an **APT28** campaign that hijacked router DNS settings to steal **Microsoft account credentials** and OAuth toke...
APT28 FrostArmada DNS hijacking and AitM credential theft campaign
CampaignAbout this happening: A multinational disruption effort has taken down **FrostArmada**, an **APT28** campaign that hijacked router DNS settings to steal **Microsoft account credentials** and OAuth toke...
AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels
Technical Analysis
H score24
First: 17.02.2026 20:08
Last: 17.02.2026 20:08
Sources 1
About this happening:
Researchers disclosed **AI as a C2 proxy**, a technique that can turn **Microsoft Copilot** and **xAI Grok** browsing features into stealthy **command-and-control relays**, increa...
AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels
Technical AnalysisAbout this happening: Researchers disclosed **AI as a C2 proxy**, a technique that can turn **Microsoft Copilot** and **xAI Grok** browsing features into stealthy **command-and-control relays**, increa...
Timeline
-
15.12.2025 19:46 1 articles · 6mo ago
Urban VPN privacy policy adds AI prompt collection
Legal Policy Action UpdateUrban VPN Proxy's updated privacy policy, as of June 25, 2025, says it collects AI prompts and outputs for Safe Browsing and marketing analytics, and says any secondary use of the gathered AI prompts will be carried out on de-identified and anonymized data even though sensitive personal information may be processed.
Show sources
- Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats — thehackernews.com — 15.12.2025 19:46
-
15.12.2025 19:46 1 articles · 6mo ago
Urban VPN Proxy version 5.5.0 enables AI chat harvesting
Technical Analysis UpdateUrban VPN Proxy version 5.5.0, released on July 9, 2025, enabled AI data harvesting by default using hard-coded settings and used tailored executor JavaScript such as chatgpt.js, claude.js, and gemini.js to intercept prompts and responses on targeted AI chatbots before exfiltrating the conversations to analytics.urban-vpn[.]com and stats.urban-vpn[.]com.
Show sources
- Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats — thehackernews.com — 15.12.2025 19:46
-
15.12.2025 19:46 2 articles · 6mo ago
Koi Security reports Urban VPN Proxy AI chat harvesting
Initial DisclosureKoi Security reported that Urban VPN Proxy, a Featured Chrome extension with six million users, silently gathered prompts from AI chatbots including OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity, and said identical AI harvesting appeared in three other extensions from the same publisher across Chrome and Microsoft Edge, taking the publisher's total install base to over eight million.
Show sources
- Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats — thehackernews.com — 15.12.2025 19:46
- Urban VPN Proxy Accused of Harvesting AI Chat Conversations — www.infosecurity-magazine.com — 16.12.2025 18:45