PayPal—PayPal's Honey browser extension accused of affiliate fraud and privacy violations, facing 20+ class-action lawsuits
In December 2024, investigations revealed that PayPal's Honey browser extension (acquired for $4 billion in 2020) had been secretly re-attributing affiliate marketing sales by modifying affiliate links at checkout, crediting Honey even when no coupon was applied. The extension also collected extensive user data including full URLs visited, timestamps, and device IDs. Honey lost 3 million of 20 million users within two weeks. PayPal faces over 20 class-action lawsuits alleging wiretapping, unfair competition, and unjust enrichment.
Scoring Impact
| Topic | Direction | Relevance | Contribution |
|---|---|---|---|
| Consumer Protection | -against | secondary | -0.50 |
| User Privacy | -against | primary | -1.00 |
| Overall incident score = | -0.362 | ||
Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.64)× agency (negligent ×0.5)
Evidence (2 signals)
Multiple class-action lawsuits filed against PayPal over Honey extension affiliate fraud and privacy violations
In December 2024, YouTuber MegaLag exposed that Honey was secretly re-attributing affiliate marketing sales. Three law firms filed a federal class-action lawsuit on December 29, 2024, alleging intentional interference with contractual relations, unjust enrichment, and California Unfair Competition Law violations. PayPal faces over 20 class-action lawsuits total. Honey lost 3 million users within two weeks.
Investigation found Honey extension collected full browsing URLs, timestamps, and device IDs
An investigation by German non-profit Data Request found that PayPal's Honey browser extension collected timestamps, unique user IDs, device IDs, and the full URLs of every page visited. The extension also collected IP addresses, which could be used to determine location. This extensive data collection occurred while Honey marketed itself as a free coupon-finding tool.