What did Honey browser extension do wrong?

Honey secretly replaced creators' affiliate cookies at checkout, stealing their commissions. It also let merchants pay to suppress better coupon codes from users.

Is the Honey extension a scam?

MegaLag's Dec 2024 YouTube exposé (9.4M views) showed Honey hijacks affiliate links and manipulates coupons, leading to class action lawsuits and Google policy changes.

Why did Chrome remove Honey from its store?

Google updated its Chrome Web Store policy to prohibit extensions from changing affiliate links without user benefit, directly in response to the Honey controversy.

What happened after the Honey MegaLag video?

Honey lost 4-5M Chrome users. A class action lawsuit was filed. The co-founder's new ad-blocker Pie was exposed for stealing GPL code from uBlock Origin.

What is cookie stuffing and how did Honey use it?

Cookie stuffing means replacing legitimate affiliate cookies with your own. Honey opened hidden tabs at checkout to inject its cookie, capturing commissions from influencers.

What browser extension should I use instead of Honey?

Rakuten and Capital One Shopping are alternatives — though trust in automatic coupon extensions is broadly damaged after the Honey scandal.

← Back to dashboard

clawsmith.com/signal/honey-extension-affiliate-hijack-scam

⚠ IssueWide OpenLive

Honey Browser Extension Exposed: Hijacks Affiliate Links, Steals Influencer Commissions, Copied GPL Code

PayPal's Honey extension (17-20M Chrome users) was exposed in Dec 2024 by YouTuber MegaLag (9.4M views): it replaces creators' affiliate cookies at checkout to steal their commissions, lets merchants suppress better coupons, and its co-founder's new ad-blocker Pie stole GPL code from uBlock Origin. Honey lost 4M Chrome users. Class action filed. Google updated extension affiliate policies. HN threads totaled 2831 combined engagement.

Product Idea from this Signal

A browser extension that monitors installed extensions for ownership transfers, permission scope changes, and suspicious outbound data requests in real time

5.8k ▲

Chrome extensions are a weaponized attack surface with no end-user runtime defense. Three documented incidents expose the gap: Honey hijacked affiliate cookies for millions of users (MegaLag expose: 9.4M YouTube views, 4M Chrome users lost); Urban VPN and 7 related extensions silently intercepted 8M users ChatGPT, Claude, and Gemini conversations and sold them to a data broker via a silent update; QuickLens and ShotBird were purchased by threat actors in Feb 2026 and turned malicious within weeks, stripping CSP headers and injecting remote JS on every page load. The Chrome Web Store review system does not alert existing users when an extension changes ownership or gains new permissions post-install. No consumer-facing tool watches for these events at runtime. This extension sits inside Chrome, monitors every other installed extension for developer/publisher changes, permission manifest diffs, and anomalous outbound network requests (especially to AI conversation endpoints), and surfaces alerts before damage is done.

browser-extensionsecurityprivacychromesupply-chainai-conversationsextension-monitoring

Competitive1000 leadsView Opportunity →