What happened in the AI Chrome extension data breach?

In January 2026, two Chrome extensions were discovered stealing ChatGPT and DeepSeek conversation data from 900,000 users. One extension (600K users) sent full conversations to a command-and-control server every 30 minutes. The other (300K users) disguised itself as a legitimate extension called AITOPIA.

How do I know if a Chrome extension is safe for AI conversations?

Check these red flags: (1) Requests broad permissions beyond what it needs, (2) No privacy policy or vague data collection terms, (3) Recently transferred to a new developer, (4) Sends data to unknown remote servers, (5) No open-source code or security audits. Extensions that store data locally (like AI Memory) are inherently safer than those that send data to external servers.

Is AI Memory safe to use?

AI Memory stores conversations in session-isolated server storage — only you can access your data with your session cookie. There is no tracking, no ads, no data selling, and no remote command-and-control servers. The web app is open-architecture, and you can export or delete all your data at any time.

What permissions should an AI conversation extension need?

A legitimate AI conversation extension only needs: (1) Access to specific AI platform domains (chatgpt.com, claude.ai, etc.), (2) Storage permission for local data, (3) Optional: tabs permission for auto-detection. Red flags: requests for "all websites" access, network permissions to unknown domains, or "anonymous analytics" that could be data exfiltration.

How to Safely Save AI Conversations After the 900K Data Breach (2026)

Updated June 2026 — Two malicious Chrome extensions stole ChatGPT and DeepSeek conversations from 900,000 users. Here's what happened, how to protect yourself, and what to look for in a safe AI conversation tool.

What Happened

In January 2026, security researchers discovered that two Chrome extensions had been silently stealing AI conversation data from approximately 900,000 users. The malicious extensions targeted ChatGPT and DeepSeek conversations specifically.

🚨 The Two Malicious Extensions

Extension	Users Affected	Method
"Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI"	600,000	Sent full conversations to C2 server every 30 minutes
"AI Sidebar with Deepseek, ChatGPT, Claude, and more"	300,000	Disguised as legitimate extension AITOPIA

These extensions appeared legitimate — they had thousands of reviews, professional descriptions, and provided the AI sidebar functionality they promised. But behind the scenes, they were exfiltrating every conversation to remote servers.

How the Attack Worked

The attack was sophisticated and designed to avoid detection:

Permission escalation: The extensions requested permission for "anonymous analytics data" — a vague term that actually meant full access to conversation content
DOM monitoring: Once installed, the extensions monitored DOM elements on ChatGPT and DeepSeek pages to capture conversation text in real-time
Scheduled exfiltration: Every 30 minutes, the captured conversation data was packaged and sent to a command-and-control (C2) server
Disguise tactics: One extension disguised itself as the popular AITOPIA extension, using a similar name and description to gain user trust
Gradual data collection: The extensions didn't steal data immediately — they waited and accumulated conversations over time, making the breach harder to detect

The most insidious part: these extensions actually worked. Users got the AI sidebar functionality they wanted, completely unaware that their private conversations were being stolen.

Red Flags to Watch For

When evaluating any Chrome extension for AI conversation management, watch for these warning signs:

🚩 Red Flags

Vague permissions: "Anonymous analytics" or "usage data" that could include conversation content
All-sites access: Requests permission for all websites instead of specific AI platforms
Recently transferred: Extension was bought/transferred to a new developer (common attack vector)
No privacy policy: Missing or generic privacy policy that doesn't explain data handling
Unknown network calls: Sends data to domains you don't recognize
Too many features: Promises everything (GPT-5, Claude, DeepSeek all in one) — often a lure

✅ Green Flags

Specific permissions: Only requests access to known AI platform domains
Local storage: Data stays in your browser (IndexedDB) or session-isolated server
Open source: Code is publicly auditable on GitHub
Clear privacy policy: Explicitly states no data selling, no tracking
Export capability: You can export and delete all your data at any time
Active developer: Regular updates, responsive to security reports

How to Check Your Extensions

Follow these steps to audit your current Chrome extensions:

Open Chrome extensions: Go to chrome://extensions/
Check permissions: Click "Details" on each extension and review what permissions it has. Look for "Read and change all your data on all websites" — this is the most dangerous permission.
Review network activity: Open Chrome DevTools → Network tab while using the extension. Look for requests to unfamiliar domains.
Check the developer: Click the developer name on the Chrome Web Store listing. Have they published other extensions? Is the developer verified?
Read recent reviews: Look for one-star reviews mentioning privacy concerns or suspicious behavior.
Verify the extension ID: Compare the extension ID with what the developer lists on their official website.

Safe Alternatives for Saving AI Conversations

If you want to save and manage your AI conversations safely, here are the main approaches ranked by security:

🥇 Tier 1: Built-in Export (Most Secure)

Use ChatGPT's built-in export (Settings → Data Controls → Export Data). Download the ZIP and store it locally. No third-party access required.

Pros: Zero trust required. Cons: Manual process, no search, no cross-platform.

🥈 Tier 2: Session-Isolated Web Apps (Very Secure)

Tools like AI Memory that store data in session-isolated server storage. Your data is tied to your session cookie — no tracking, no ads, no data selling. You can export or delete everything with one click.

Pros: Cross-device access, search, organization. Cons: Data on a server (encrypted by session).

🥉 Tier 3: Local-Only Extensions (Secure if Verified)

Extensions that store everything in IndexedDB with no network calls. Verify by checking Chrome DevTools Network tab.

Pros: No server dependency. Cons: Chrome-only, no cross-device, verify no hidden exfiltration.

Security Best Practices

Audit monthly: Review your installed extensions every month. Remove anything you don't actively use.
Minimize permissions: Prefer extensions that request specific domain access over "all websites" access.
Use separate profiles: Create a Chrome profile specifically for AI tools with minimal other extensions.
Export regularly: Regardless of which tool you use, export your conversations regularly and keep a local backup.
Monitor network traffic: Periodically check Chrome DevTools Network tab while using AI extensions.
Prefer web apps: Web applications (like AI Memory) are generally safer than extensions because they don't have access to your browser DOM.
Check for updates: Extensions that haven't been updated in 6+ months may have unpatched security issues.

Frequently Asked Questions

Were the malicious extensions removed from Chrome Web Store?

Yes, both extensions were removed after security researchers reported them. However, users who had them installed may still have had data exfiltrated before removal.

Can I check if my data was stolen?

If you had either of the two malicious extensions installed, assume your ChatGPT and DeepSeek conversations were compromised. Change your passwords and review your AI platform security settings.

Are Chrome extensions generally unsafe?

Not inherently, but they have powerful capabilities. A malicious extension can read everything on pages it has access to. The key is verifying permissions, checking the developer, and preferring tools with transparent security models.

Is AI Memory safer than browser extensions?

AI Memory's web app doesn't have browser DOM access — it only processes data you explicitly upload. Its session-isolated storage means no one else can access your data. This is inherently safer than extensions that monitor page content.

Save Your AI Conversations Safely

AI Memory stores your conversations in session-isolated server storage — no tracking, no data selling, no remote C2 servers. Export or delete everything anytime.

Try AI Memory Free — 100% Private →