TipsMake
Newest
Czkawka - An open-source application that helps remove duplicate data.ESM bio-concrete: The first building material capable of absorbing carbon emissions.6 types of physical vehicles that are far better than their digital versions.Sony returns to the vinyl market with two brand-new Bluetooth turntables.Is Gigabit Ethernet still sufficient for the needs of modern home networks?

Authorities discovered a malicious VPN that stole entire ChatGPT conversations from over 8 million users.

10 Essential Chrome Extensions to Use ChatGPT
9 useful Chrome extensions for ChatGPT

A new investigation by international security experts into extensions that claim to protect privacy has uncovered a disturbing truth: some extensions are secretly collecting and selling entire user chat conversations on major AI platforms.

 

These extensions are currently available on Microsoft Edge and other Chromium-based browsers, capable of tracking and collecting conversations from at least 10 AI platforms, including: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.

Urban VPN Proxy – a 'wolf in sheep's clothing'

Most notably in the investigation was Urban VPN Proxy, a Chrome extension with over 6 million users and even labeled 'Featured' by Google. The app had a 4.7-star rating from over 58,500 reviews, giving the impression of being very trustworthy – but the research results showed the opposite.

According to security experts, over 8 million Chrome and Edge users have been affected by multiple extensions sharing the same malicious code. Besides Urban VPN Proxy, this code is also present in at least seven other extensions from the same publisher, including: 1ClickVPN Proxy, Urban Browser Guard, Urban Ad Blocker

Authorities discovered a malicious VPN that stole entire ChatGPT conversations from over 8 million users. Picture 1

 

How do extensions steal data?

These extensions work by directly inserting an executor script into the AI ​​platform's website that the user is accessing. This script overrides the browser's native functions, allowing it to:

  1. Block all network traffic.
  2. Track all requests and responses between the user and the AI.

The script then analyzes the blocked API data to extract it:

  1. Every prompt user input
  2. The full AI response
  3. Time, conversation ID
  4. Session metadata

All this data is then compressed and sent to Urban VPN's servers.

Even more dangerous: data collection is always on, even when the VPN is turned off.

Worryingly, this data collection feature is enabled by default, running continuously in the background, regardless of whether the VPN is on or off, and unrelated to any options the user sees in the interface. The only way to block this behavior is to completely uninstall the extension.

According to the report, the data-stealing feature has existed since version 5.5.0 of Urban VPN, released on July 9, 2025. This means that all conversations on AI platforms since then are at risk of being exposed.

Urban VPN is currently operated by Urban Cyber ​​Security Inc., a company affiliated with BiScience – a data brokerage business. Sources indicate that the collected data is sold for analytical and marketing purposes.

Security experts recommend that users who have installed these extensions should uninstall them immediately, and consider all their AI conversations to have been compromised.

This incident also raises serious questions about the safety of third-party browser extensions. Unless absolutely necessary and their reliability is uncertain (being 'Featured' by Google is not enough), it's best to remove them to avoid serious security risks.

Discover more ChatGPT security
Samuel Daniel
Share by Samuel Daniel
Update 24 January 2026

You should read it