Rising unjustified sensitive-data access by third-party web apps across leading websites
Target Trend
Summary
Hide ▲
Show ▼
Third-party applications on 4,700 leading websites are increasingly accessing sensitive data without a business need, raising web-exposure and over-permissioning risk across major sites. The measured share rose to 64% from 51% in 2024, and government and education environments show sharper compromise signals. Common tools including Google Tag Manager, Shopify, and Facebook Pixel account for a notable share of the unjustified access.
Related Happenings
European social media scam ads generate nearly £3.8bn in 2025
Target Trend
First: 09.02.2026 12:30
Last: 09.02.2026 12:30
Sources 1
About this happening:
**European social media platforms** generated **nearly £3.8bn** from scam ads in **2025**, showing a large fraud surface that can expose users to money loss, personal-data theft,...
European social media scam ads generate nearly £3.8bn in 2025
Target TrendAbout this happening: **European social media platforms** generated **nearly £3.8bn** from scam ads in **2025**, showing a large fraud surface that can expose users to money loss, personal-data theft,...
Google confidential AI materials theft and upload
Data Leak
First: 31.01.2026 19:33
Last: 31.01.2026 19:33
Sources 1
About this happening:
Google's **confidential AI materials** were stolen and uploaded to a **personal Google Cloud account**, exposing over **2,000 pages** of sensitive design information. The leak cov...
Google confidential AI materials theft and upload
Data LeakAbout this happening: Google's **confidential AI materials** were stolen and uploaded to a **personal Google Cloud account**, exposing over **2,000 pages** of sensitive design information. The leak cov...
Android click-fraud trojans using TensorFlow.js to automate hidden ad taps
Malware Activity
First: 22.01.2026 00:07
Last: 22.01.2026 00:07
Sources 1
About this happening:
The **Android click-fraud trojan family** now uses **TensorFlow.js** to identify and tap ad elements on **Android devices**, making fraudulent clicks more adaptive and harder to s...
Android click-fraud trojans using TensorFlow.js to automate hidden ad taps
Malware ActivityAbout this happening: The **Android click-fraud trojan family** now uses **TensorFlow.js** to identify and tap ad elements on **Android devices**, making fraudulent clicks more adaptive and harder to s...
Large-scale secrets detection in JavaScript bundles reveals exposed tokens
Technical Analysis
First: 20.01.2026 12:45
Last: 20.01.2026 12:45
Sources 1
About this happening:
Large-scale scanning of **5 million applications** exposed **over 42,000 tokens** hidden in **JavaScript bundles**, showing that existing secret-detection tooling misses a major l...
Large-scale secrets detection in JavaScript bundles reveals exposed tokens
Technical AnalysisAbout this happening: Large-scale scanning of **5 million applications** exposed **over 42,000 tokens** hidden in **JavaScript bundles**, showing that existing secret-detection tooling misses a major l...
GhostPoster malicious browser extension campaign across Chrome, Firefox, and Edge
Campaign
First: 17.01.2026 17:23
Last: 17.01.2026 17:23
Sources 1
About this happening:
The **GhostPoster** campaign resurfaced with **17 malicious extensions** in **Chrome, Firefox, and Edge**, putting users at risk of **browser monitoring**, **affiliate-link hijack...
GhostPoster malicious browser extension campaign across Chrome, Firefox, and Edge
CampaignAbout this happening: The **GhostPoster** campaign resurfaced with **17 malicious extensions** in **Chrome, Firefox, and Edge**, putting users at risk of **browser monitoring**, **affiliate-link hijack...
Timeline
-
14.01.2026 13:00 2 articles · 4mo ago
Reflectiz reports rising unjustified third-party access on leading websites
Initial DisclosureReflectiz research on 4,700 leading websites finds that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. The same research says government malicious activity rose from 2% to 12.9%, education sites show active compromise at 1 in 7, and Google Tag Manager, Shopify, and Facebook Pixel account for notable shares of unjustified access and over-permissioned collection.
Show sources
- New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification — thehackernews.com — 14.01.2026 13:00
- New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification — thehackernews.com — 14.01.2026 13:00