Comment by jstanley
8 hours ago
BrightData is another company offering hosted browsers who has also recently leaked private data, although they did email customers to warn them.
I wonder if both of these companies were compromised by a shared vulnerability in headless Chrome? Or else just a coincidence that 2 headless browser companies got hacked at the same time?
I run a headless browser fingerprinting project and have found that URLs that I only fetched via BrightData have subsequently had fetches by Anthropic's Claudebot.
I think most likely an attacker who has the customer data is using Claude to analyse it.
Brightdata? Isn't that the israeli firm formerly called luminati that sells you shady "high quality residential IPs" that you can rotate to scrape the web?
Yes, that's the one. Their residential IPs service is one of the best ones, but their "ethically sourced proxies" claim seems dubious at best.
There was a research paper several years ago showing that the "residential IP" stuff is powered by botnets and compromised devices. Luminati is specifically called out.
Paper: https://xianghang.me/files/resi_paper.pdf Medium Article: https://medium.com/@xianghangmi/resident-evil-understanding-...
Historically, their residential proxies came from backdoored proxies of HolaVPN users.
Yes. Their hosted browser service is one of the best ones out there.
Now I remember these scumbags. Hijacked HolaVPN I think.