Yesterday, two zones were quickly blocked as a result of being related to the DataSpii case.
The commit: https://github.com/bentasker/adblocklists/commit/5a90d2cf4e40eaba383e0d8a0c17b6e7b0618268
(the commit also accidentally picked up a previously uncommitted change. Oops).
The second zone was blocked because the former CNAMEs into it:
$ host pnldsk.adclarity.com
pnldsk.adclarity.com is an alias for pnldsk.adcint.net.
pnldsk.adcint.net has address 18.104.22.168
Both domains are associated with the company Adclarity, an Israeli marketing intelligence (read: tracking) company.
They, however, were just a conduit for the DataSpii issue, and many more domains were involved.
DataSpii is described as:
"DataSpii is the catastrophic data leak that occurred when any one of eight browser extensions collects browsing activity data — including personally identifiable information (PII) and corporate information (CI) — from unwitting Chrome and Firefox users. This data was then disseminated to members of an online service, where it may have been appropriated or exploited by any member."
Extensions known to be involved (i.e. sending data) are:
- Hover Zoom
- SaveFrom.net Helper
- Fairshare Unlock
- Branded Surveys
- Panel Community Surveys
Extensions have been observed surreptitiously submitting all visited URLs (and in some cases, all URLs visible within pages visited), ultimately resulting in those URLs being processed by Nacho Analytics. Some of the extensions listed deployed measures to try to evade detection, including waiting (on average) 24 days after install to start submitting browsing data.
URL strings have been found, in some cases, to contain PII.
An indicator file containing all the currently known hostnames associated with this serious data leak has been made available here: https://securitywithsam.com/dataspii-latest.ioc
This issue is being raised to track taking that file, extracting the domains and adding them into the blocking list.
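One way to do that extraction, as an added example that is not the repository's own tooling. It assumes the indicator file is OpenIOC 1.0 XML with hostnames held in `Network/DNS` items and that the blocklist can be treated as a set of zone names; the function names are hypothetical and the sample input is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the assumed OpenIOC 1.0 layout. The example.* names are
# placeholders, not real indicators; pnldsk.adclarity.com is from the text above.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc"><definition>
<Indicator operator="OR">
 <IndicatorItem><Context document="Network" search="Network/DNS"/>
  <Content type="string">PNLDSK.adclarity.com.</Content></IndicatorItem>
 <IndicatorItem><Context document="Network" search="Network/DNS"/>
  <Content type="string"> tracker.example.net </Content></IndicatorItem>
 <IndicatorItem><Context document="Network" search="Network/DNS"/>
  <Content type="string">tracker.example.net</Content></IndicatorItem>
 <IndicatorItem><Context document="Network" search="Network/DNS"/>
  <Content type="string">not a hostname</Content></IndicatorItem>
 <IndicatorItem><Context document="FileItem" search="FileItem/FileName"/>
  <Content type="string">helper.example.org</Content></IndicatorItem>
</Indicator></definition></ioc>"""

HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def local(tag):
    """Strip the XML namespace so matching does not depend on its exact URI."""
    return tag.rsplit("}", 1)[-1]

def extract_hostnames(ioc_xml):
    """Return the set of normalised, syntactically valid DNS indicators."""
    # The file is third-party input: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in ioc_xml or "<!ENTITY" in ioc_xml:
        raise ValueError("DTD or entity declaration in indicator file")
    hosts = set()
    for item in ET.fromstring(ioc_xml).iter():
        if local(item.tag) != "IndicatorItem":
            continue
        fields = {local(child.tag): child for child in item}
        ctx, content = fields.get("Context"), fields.get("Content")
        if ctx is None or content is None or "DNS" not in ctx.get("search", ""):
            continue
        host = (content.text or "").strip().lower().rstrip(".")
        if HOST_RE.match(host):  # drops junk that would corrupt the list
            hosts.add(host)
    return hosts

def new_entries(hosts, blocked_zones):
    """Hosts not already covered by a blocked zone (label-boundary match)."""
    def covered(host):
        return any(host == z or host.endswith("." + z) for z in blocked_zones)
    return sorted(h for h in hosts if not covered(h))
```

Calling `new_entries(extract_hostnames(SAMPLE_IOC), {"adclarity.com", "adcint.net"})` yields only the hostnames that still need adding, since anything under the two zones already blocked is skipped.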