Hello, I need to appeal! I was attacked by hackers

Hello, I need to appeal!

I’m the founder of the Geek Sidebar development team. Regarding the removal of our extension by Mozilla, I need to complete what really happened today.

At 00:18 on August 1, 2025, Beijing time, I received a phishing email with the title “Account Verification Required”. At that time, I believed it to be true because recently there was news that Firefox would stop operating in the Chinese region. I thought it was really necessary to update the developer account. So I entered the complete account password and the two-step verification code.

At 00:44 on August 1, 2025, Beijing time, when I was fast asleep, the account thief logged into my account, changed my two-step verification code, set his email as the main email, and uploaded a virtual currency extension to my account.

At 08:30 on August 1, 2025, Beijing time, I woke up from my sleep and received various abnormal account emails from Mozilla. Only then did I realize that the one from yesterday was a phishing email. So I logged into my Firefox account urgently. Fortunately, the account thief didn’t change my account password. So I immediately cancelled the login permission of the account thief and changed the password. And the malicious extension uploaded by the account thief has been taken down.

After the account thief found out that I had retrieved my account, he started giving me a crazy number of negative reviews for my extension. Every four minutes, he would receive a one-star negative review, and all the accounts with these negative reviews were new users. This must have been done by him using a script.

At 16:32 on August 1, 2025, Beijing time, I received a letter from Mozilla Add-ons. Hint: My extended Geek sidebar - Free DeepSeek/Bookmark Cloud Sync is manually reviewed by the Mozilla plugin team from reports received by third parties. The review found that it violated data collection, especially the collection of auxiliary information: it prohibited the collection of auxiliary personal information (for example, any data explicitly required by the basic functions of non-add-on components) and other regulations.

I’m sure this is a retaliatory act by the account thief after I got my account back. The most important thing is that our plugin does not collect any auxiliary personal information of users!

Our plugin is an efficiency tool that combines bookmarks and AI conversations. Users can use it after logging in by scanning a WeChat code or registering with a mobile phone number from the Chinese mainland. We have also filled in the details page of the product’s privacy policy (Geek Sidebar Privacy Policy), which you can refer to in the background!

The tool did not violate any Chinese laws throughout its operation. We only collected the error messages of the software, but no auxiliary personal information was designed for this!

At this point, I still need to emphasize that this is definitely a retaliatory act by the account thief after I retrieved my account.

I request official assistance! You can check the background logs of my account. All kinds of abnormal data are retained. We hope that the reviewers from Mozilla can help our start-up company to jointly investigate and get through this difficult time!

Thank you!

Hey, a similar thing happened to me too, but I deleted the addon in a panic. Now what can I do about it?

Hey @1391542927. Sorry to hear you got hit by that phishing attack. In order to appeal the auxiliary data collection verdict you should follow the instructions provided in the email from AMO. I believe that email includes a link to the appeal page. Given phishing concerns, before following that link I’d encourage you to review the recommendations that Mozilla shared in the phishing update blog post.

With regard to the data collection violation you mentioned, I should mention that data collection consent is one of the most common violations I see extension developers run into. Developers often don’t believe that their use of user data constitutes “collection” because they’re not trying to gather up data about users, but the policies are referring to any transmission of user data. We tried to make this more clear in the recent Add-ons Policies updates by updating the policy language:

For the purposes of this policy, data transmission refers to any data that is collected, used, transferred, shared, or handled outside of the add-on or the local browser.

If you have questions about the applicability of this policy to your add-on, use the guidance in the rejection email to request clarification from the reviewers.