Urban VPN Caught in AI Data Collection Scandal: 8 Million Users Exposed

Trust in the digital privacy ecosystem just took another massive hit. Security reports have confirmed that Urban VPN and a suite of related browser extensions have been actively harvesting user data. But this isn't just about tracking which websites you visit. This time, the extensions are capturing the actual content of your conversations with major AI platforms.

If you have Urban VPN, 1ClickVPN, or Urban Browser Guard installed, your private prompts to ChatGPT, Claude, Gemini, and others are likely sitting in a data broker’s server. This breach affects approximately 8 million users across Chrome and Edge. The breach is severe because it targets the very tools people use for coding assistance, medical inquiries, and drafting sensitive business emails.

Here is exactly what is happening, how the AI data collection mechanism functions, and the specific steps you need to take right now to lock down your digital footprint.

Immediate Steps to Stop AI Data Collection from Urban VPN

Before understanding the technical breakdown of the theft, you need to secure your environment. If you have any extensions from "Urban Cyber Security Inc." installed, the immediate advice is to remove them. Disabling them is often insufficient because background processes can persist in certain browser states.

Steps for immediate mitigation:

1. Audit your extensions: Go to chrome://extensions or edge://extensions.

2. Search for IOCs: Look for Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard, or Urban Ad Blocker.

3. Uninstall completely: Do not just switch the toggle to "off." Remove the extension entirely.

4. Invalidate Sessions: Log out and log back in to your AI accounts (OpenAI, Anthropic, Google) to reset session tokens, although the data already scraped is irretrievable.

Switching to Local LLMs to Bypass Browser Risks

Many power users and developers saw this coming. Relying on a browser-based interface for AI implies a level of trust in every extension installed on that browser. The recent exposure of Urban VPN has validated the shift toward Local LLMs.

Moving your AI workflow offline is the only way to guarantee that a rogue extension cannot scrape your thoughts. Running models locally—using tools like Ollama, LM Studio, or specialized front-ends—removes the browser from the equation entirely.

Experienced users are adopting "headless" setups or terminal-based interfaces. For example, setting up a local environment using ncurses with Vim keybindings allows for high-speed interaction with models like Llama 3 or Mistral without ever opening Chrome. This approach creates an air gap between your sensitive queries and the "wild west" of browser extension permissions. If you are discussing proprietary code or financial data with an AI, a local deployment isn't just a hobbyist project; it's a necessary security protocol.

Identifying Affected Urban VPN Versions

You might wonder if your specific installation is compromised. The malicious AI data collection code was introduced in Urban VPN version 5.5.0, released around July 9, 2025.

If your extension updated after this date—and browser extensions usually update silently in the background without user intervention—you are affected. The collection logic is aggressive. It doesn't matter if the VPN is effectively "off" or disconnected. The script injection happens at the browser level, not the network tunnel level. As long as the extension has permissions to "read and change all your data on the websites you visit" (which VPNs require to function), it can read your chat logs.

How the Urban VPN Spyware Mechanism Works

The method used here is sophisticated and disturbing. It goes beyond simple URL tracking. The extension uses a technique called script injection to insert a piece of code—often referred to as an "executor"—directly into the webpage of the AI service you are using.

Script Injection and API Hijacking

When you navigate to a site like ChatGPT.com, the Urban VPN extension injects a payload that overrides the browser's native communication functions. Specifically, it wraps the fetch() and XMLHttpRequest APIs. These are the standard methods browsers use to send your prompt to the server and receive the AI's answer.

By intercepting these specific requests, the extension gains access to the unencrypted text of your conversation. It captures your question. It captures the AI's response. It then bundles this text and silently transmits it to endpoints like analytics.urban-vpn.com.

This bypasses traditional encryption. Even though the connection between you and OpenAI is HTTPS (secure), the extension sits inside your browser, seeing the data before it gets encrypted and sent out. This creates a scenario where a tool installed for "privacy" acts as a literal man-in-the-middle attack against its own user.

The Connection to BiScience Data Broker

The data doesn't just sit on a server; it has a commercial destination. Urban VPN is a brand under Urban Cyber Security Inc., which is deeply connected to BiScience, an Israeli data broker.

The CEO of Urban Cyber Security is also the founder of BiScience. Historically, these entities monetized "clickstream data"—anonymized lists of websites users visit. However, the shift to AI data collection represents a new, high-value asset class.

Conversational data is incredibly valuable for marketing analysis and training competitive models. By analyzing what 8 million users ask AI, a company can build detailed psychological profiles, understand corporate trends before they become public, and identify consumer pain points with unprecedented accuracy. Your desire for a free VPN service is being subsidized by the sale of your most intimate digital conversations.

The Scope of AI Data Collection: Affected Platforms and Extensions

The attack is not limited to a single AI provider. The malicious scripts target a hardcoded list of the world's most popular AI interfaces. The affected platforms include:

• ChatGPT (OpenAI)

• Claude (Anthropic)

• Gemini (Google)

• Microsoft Copilot

• Perplexity

• DeepSeek

• Grok (xAI)

• Meta AI

This wide net ensures that regardless of which major LLM you prefer, Urban VPN is listening.

The ecosystem of extensions involved is also larger than just the flagship VPN. The compromised extensions include:

• Urban VPN Proxy (approx. 6 million users on Chrome, 1.3 million on Edge)

• 1ClickVPN Proxy

• Urban Browser Guard

• Urban Ad Blocker

The sheer number of users involved—over 8 million—makes this one of the largest privacy violations in the recent history of browser extensions.

Why the "Featured" Badge Failed to Protect Users

A concerning aspect of this incident is that these extensions carried the "Featured" badge on the Google Chrome Web Store. Users have been trained to view this badge as a seal of approval or a guarantee of safety.

The reality is different. Store reviews are primarily automated, with manual reviews often missing complex behavioral changes introduced in updates. The malicious code for AI data collection was pushed in an update (version 5.5.0) long after the extensions had established their user base and reputation.

This highlights a systemic failure in how browser ecosystems rely on permissions. When a user grants an extension permission to "read and modify data on all websites," they are handing over the keys to the castle. The store platform owners (Google and Microsoft) failed to detect that this permission was being repurposed to scrape proprietary and private chat data.

The Real Cost of "Free" Privacy Tools

This incident serves as a brutal reminder of the economics of the internet. Running a global VPN network is expensive. It requires server infrastructure, bandwidth, and maintenance. If a company offers this service for free, the money must come from somewhere else.

In the past, users essentially paid with their bandwidth (peer-to-peer VPNs) or their browsing history. Now, the currency has inflated. You are paying with your medical questions, your legal inquiries, your coding problems, and your creative writing.

The contradiction is stark. Urban VPN markets itself as a privacy solution. Its tagline and branding suggest security and anonymity. Yet, the privacy policy—buried deep in legal text—admits to sharing data with BiScience for "commercial insights." This disconnect between marketing ("Stay Safe!") and reality ("We sell your chats") is deceptive.

For effective privacy, the only viable path is paid, auditable services or open-source, self-hosted alternatives. Privacy is a product you usually have to buy; if you aren't buying it, you are the product being sold.

FAQ: Urban VPN and Data Privacy

Q: Does uninstalling Urban VPN delete the data they already collected?

No. Uninstalling the extension prevents future AI data collection, but any conversation logs already transmitted to their servers (since July 2025) remain in their possession and have likely been processed or sold.

Q: Can I just turn off the VPN to stop the AI scraping?

No. The data scraping script operates independently of the VPN tunnel. As long as the extension is enabled in your browser, it injects the recording script into AI websites, even if the VPN is disconnected.

Q: Does this affect the desktop version of Urban VPN?

The current reports specifically isolate the browser extensions (Chrome and Edge add-ons). However, given the ownership structure and business model, trusting the desktop software with your network traffic carries significant risk.

Q: How can I check if I am using a compromised version?

Go to your browser's extension management page and check the version number. If you are on version 5.5.0 or higher of Urban VPN or its sister extensions, you are running the compromised code.

Q: Are Firefox users affected by this specific breach?

The primary reports focus on Chrome and Edge stores. Mozilla Firefox generally has stricter review policies, and the user base is smaller, but cross-platform users should verify their Firefox add-ons immediately as a precaution.