A joint investigation by Motherboard and PCMag has shown that Avast, an antivirus, and cybersecurity company, has been collecting and selling “highly sensitive web browsing data” through Jumpshot.
Jumpshot, a subsidiary company of Avast, was initially started in 2015 to extend Avast’s data analytics capabilities. Now, reports say that it collects user data and repackages them to sell to global companies. Suspected companies who have bought data from Jumpshot include Google, Microsoft, Yelp, Pepsi, and many more.
Jumpshot was able to collect data through Avast’s web extension, and software, which they reported to have more than 435 million active users a month, and is installed in more than 100 million devices. Samples of data collected were Google searches, including locations and GPS coordinates on Google Maps, YouTube videos, online purchases, porn websites and searches, and more. The data also included the time and date the user visited any of these sites. Fortunately, personal information such as the user’s names were not included in the data collection.
After being exposed, Avast CEO Ondrej Vlcek has then issued a public statement, apologizing to the company’s customers, partners, employees, and investors. Ondrej Vlcek assured the public that Avast’s top priority is cyber protection and it must be embedded in everything they do in their business and their products. It is for those reasons that he and his board of directors have “decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.” While the decision will impact hundreds of Jumpshot employees, Avast feels that this is the right thing to do.