Cloudflare Credentials Stolen in Web Developer Chrome Extension Hack

In July, it became known – and noticeable to users – that the popular Chrome Web Developer extension had been compromised.  Suddenly malware ads that were being served up in places such as the Google homepage and Google search results, where there obviously shouldn’t be any ads of this type.  The developer issued a fix later that day, and many assumed that the developer updating the extension to remove the malicious code was enough.  But it seems the hackers had a much bigger target than simple malware – the Cloudflare credentials of everyone who used the Web Developer extension.

The Web Developer extension wasn’t the only one compromised for Cloudflare credentials, although it is the most popular one for site owners and SEOs to have installed.  Multiple other extensions were also compromised via similar phishing attacks, according to Wordfence, with a total of 4.8 million users affected.  The affected extensions:

• Web Developer – Versions 0.4.9 affected
• Chrometana – Version 1.1.3 affected
• Infinity New Tab – Version 3.12.3 affected
• CopyFish  – Version 2.8.5 affected
• Web Paint – Version 1.2.1 affected
• Social Fixer 20.1.1 affected
• TouchVPN appears to have been affected but the version is unclear
• Betternet VPN also appears to have been affected but no version was provided

For those with the above extensions installed, you need to change your Cloudflare password(s) immediately.  You also need to revoke and/or invalidate the API keys as well.

On the positive side, there are no known sites compromised via Cloudflare at this time, but those credentials could be used for a future attack.  So those keys and passwords still need to be changed.

It is also a reminder for Chrome users to periodically go through their Chrome extensions and delete or disable any extensions that are not being used on a daily basis, to reduce the likelihood that one is compromised while you are using Chrome.

For a much more detailed analysis of the original attacks, read the threat analysis on Proof Point.

The following two tabs change content below.

• Bio
• Latest Posts

Jennifer Slegg

Founder & Editor at The SEM Post

Jennifer Slegg is a longtime speaker and expert in search engine marketing, working in the industry for almost 20 years. When she isn't sitting at her desk writing and working, she can be found grabbing a latte at her local Starbucks or planning her next trip to Disneyland. She regularly speaks at Pubcon, SMX, State of Search, Brighton SEO and more, and has been presenting at conferences for over a decade.

Latest posts by Jennifer Slegg (see all)

• 2022 Update for Google Quality Rater Guidelines – Big YMYL Updates - August 1, 2022
• Google Quality Rater Guidelines: The Low Quality 2021 Update - October 19, 2021
• Rethinking Affiliate Sites With Google’s Product Review Update - April 23, 2021
• New Google Quality Rater Guidelines, Update Adds Emphasis on Needs Met - October 16, 2020
• Google Updates Experiment Statistics for Quality Raters - October 6, 2020