Cyberhaven, a data-loss prevention startup, confirmed it was hacked, leading to a malicious update of its Chrome extension that could steal customer passwords and session tokens. The breach, identified on December 25, may have impacted many users, prompting the company to urge them to revoke and rotate credentials. Cyberhaven quickly removed the compromised extension and released a secure version. The incident is part of a broader campaign targeting Chrome extension developers. The company is cooperating with federal law enforcement and has hired an incident response firm for investigation.