Recently the add-on Stylish was removed from Chrome’s, Firefox’ and Opera’s web stores. It turns out that there’s actually been spyware lurking in the code since January 2017, under its new owner SimilarWeb which bought Stylish in October 2016. This code has been sending off all browsing activity such as full URL’s (so also authentication tokens etc, everything that got sent as a GET request) as well as search information. When you’re logged in to Userstyles.org, the add-on would also send out your session cookie for this website as well, allowing correlation between browsing habits and real-world identities.
At HackingVision we strongly recommend that you uninstall Stylish if you still have it, and change passwords for any website that passed authentication data in its URL that may still be usable to establish a session. Luckily there’s a drop-in replacement called Stylus available. This one – for now at least – respects your privacy. However, constant vigilance is key.