Google Account Compromised, Malware Shipped in Unofficial Update To My Extension?

[Theo Browne]

Hey guys, been a very long day.

I am the developer of Chrometana, a Chrome extension with around a quarter million active users who want to bypass Cortana's default search engine choice, Bing. 

I woke up today to a ton of emails and issues on my Github about an update (version 1.1.3) that was apparently shipped to Chrometana, bundled with malware. 

If you look below at the access history for my account, you can see a single sign-on that occurred "5 hours ago" with no location info. I was asleep at the time.

I have shipped an official, malware-free update and changed my password. 2FA was activated on the account at the time of this compromise. I have tried reaching out to Google with no luck.

I am beyond concerned that a compromise like this can happen again. Any ideas as to how this happened, how to prevent it in the future, or even who to contact to get a bit more info?

Thanks so much,

-Theo

[David G]

Hi Theo have you had contact with anyone from Chrome Store to resolve or help with this issue?

[hein...@chromium.org]

Hi Theo --

The Chrome Web Store Team is aware of a phishing attack circulating via email that attempts to steal credentials of developers and hijack their extensions. For your particular case, it seems that the right steps were taken to secure the account and ensure the safety of your extension’s users - and we appreciate your quick action and diligence in protecting users.

We are monitoring this attack with our security team and are investigating the best ways to secure developer accounts and alert all developers. We encourage all developers to be wary of potential phishing attempts, to monitor access history for their accounts and to implement two-factor authentication.

Regards,
Brooke, on behalf of the Chrome Web Store Team