If you use Google Chrome as your web browser and you hate Facebook’s new Timeline layout, attackers are looking for you.
Lots of people have griped about Timeline since Facebook introduced it in late 2011 (and subsequently began strongly pushing people toward it), but Chrome users beware: If you use a Chrome plugin that claims to revoke the Timeline feature, you might be sharing far more personal information than you’re aware of.
That’s because at least three of the six known Chrome plugins that claim to roll back the Timeline profile do so by accessing and tracking data on all web sites that users visit, according to security firm Barracuda Networks. Alternatively, the three ‘good’ plugins only access users’ Facebook data.
The main goal of the questionable plugins appears to be spreading to other users’ machines. They do this by announcing on your Facebook page that you’ve installed their plugin, as well as by encouraging users to fill out a bogus survey and join a fake Facebook event. What’s even more suspect is that two of the three questionable applications are hosted on sites that hide information about the authors of these plugins.
So far, business has been good for the scammers: At the time of Barracuda’s post about the situation in late August, more than 90,000 Chrome users had installed the plugins, and it is likely that number has swelled now to over 100,000.
The good news is that so far it doesn’t appear that these plugins are stealing sensitive credentials from other sites that users visit, but Barracuda makes certain to point out that doesn’t mean these applications won’t do so in the future.
Even though there are some of these Timeline rollback plugins for Chrome that don’t behave so shadily, Barracuda strongly recommends that users play it safe by avoiding all such applications. Which means that, for now at least, you should probably just embrace the Facebook Timeline.