DataSpii (pronounced data-spy) is a leak that directly compromised the private data of as many as 4 million Chrome and Firefox users via at least eight browser extensions.
DataSpii impacted the Pentagon, Walmart, AT&T, Zoom, Bank of America, Sony, Kaiser Permanente, Apple, Facebook, Microsoft, Amazon, Symantec, FireEye, Trend Micro, Boeing, Tesla, SpaceX, Pfizer, and Palo Alto Networks.
DataSpii leaked un-redacted information related to medical records, tax returns, GPS location, travel itinerary, genealogy, usernames, passwords, credit cards, genetic profiles, company memos, employee tasks, API keys, proprietary source code, LAN environment, firewall access codes, proprietary secrets, operational materials, and zero-day vulnerabilities.
By requesting data for a single domain via the NA service, Jadali was able to observe what staff members at thousands of companies were working on in near real-time.
Jadali, along with journalists from Ars Technica and The Washington Post, interviewed impacted users, including individuals and major corporations.