If you've ever shopped online, you've probably seen the Honey browser extension advertised everywhere - from YouTube sponsorships to podcast ads. The extension, owned by PayPal since 2020, promised to automatically find coupon codes and save you money. But a December 2024 investigation revealed troubling practices that every business and consumer should understand.
What Happened
In December 2024, YouTuber MegaLag released an investigative video titled "Exposing the Honey Influencer Scam" that garnered over 13 million views within days. The investigation revealed that Honey wasn't just finding coupons - it was allegedly engaging in deceptive practices that hurt both content creators and consumers.
The Key Allegations
1. Affiliate Commission Hijacking
When you click a link from your favorite YouTuber or blogger to buy a product, that creator typically earns a small commission through affiliate tracking. The investigation found that Honey's extension would pop up at checkout and replace the creator's affiliate cookie with PayPal's own cookie - even when no coupon was found or applied.
This means:
- The content creator who referred you gets nothing
- PayPal pockets the commission instead
- This happens whether or not Honey actually saves you money
2. Not Always the Best Deals
Despite claiming to find "the best" coupon codes, investigations revealed that Honey allegedly prioritizes codes from its partner merchants over codes that might save consumers more money. In some cases, better publicly-available codes were ignored in favor of partner-approved codes that benefited Honey's revenue share agreements.
3. Private Coupon Code Scraping
A follow-up investigation in December 2025 alleged that Honey scraped private coupon codes shared between users and businesses, adding them to their public database without permission. When businesses complained, Honey allegedly encouraged them to become paying partners rather than removing the codes.
4. Extensive Data Collection
The investigation revealed that Honey collects detailed user browsing and shopping data that goes beyond what's necessary for finding coupons. This data is valuable for PayPal's advertising and analytics businesses.
The Fallout
Legal Action
Over 20 class action lawsuits have been filed against PayPal, including one backed by YouTuber LegalEagle's law firm. The suits allege:
- Intentional interference with contractual relations
- Unjust enrichment
- Violations of California's Unfair Competition Law
- Computer fraud and wiretapping claims
User Exodus
Honey lost approximately 3 million users within two weeks of the allegations going public. By the end of 2025, the extension had lost around 8 million of its 20 million users.
Industry Response
- Google updated Chrome Web Store policies in March 2025 to prohibit extensions from claiming affiliate commissions without providing actual discounts
- Microsoft discontinued its similar Shopping coupon feature in May 2025
- Rakuten Advertising removed Honey from its affiliate network in January 2026
What This Means for Your Business
If You Run Affiliate Programs
Browser extensions like Honey can intercept your carefully cultivated affiliate relationships. Consider:
- Monitoring your affiliate attribution for unusual patterns
- Working with affiliate networks that have policies against cookie hijacking
- Educating your affiliate partners about these risks
If You're a Content Creator
Your affiliate income may have been impacted without your knowledge. The class action lawsuits may provide recourse if you've lost commissions.
If You Use Browser Extensions
This scandal is a reminder to carefully evaluate what permissions browser extensions request. Extensions with broad access to your browsing data can:
- Track everything you do online
- Modify web pages you visit
- Intercept form data and transactions
- Inject their own code into websites
Our Recommendations
- Audit your browser extensions - Remove any you don't actively use
- Check extension permissions - Be wary of extensions requesting access to "all websites"
- Consider the business model - If a service is free, you're likely the product
- Use official retailer apps - Many stores have their own apps with exclusive deals
- Manually search for codes - Sites like RetailMeNot don't require browser extensions
Honey's Response
Honey co-founder Ryan Hudson publicly denied that Honey is a scam and disputed MegaLag's key allegations. PayPal acknowledged certain code practices in January 2026 and announced they had been disabled. However, the numerous lawsuits continue to move forward.
The Bigger Picture
The Honey scandal highlights a broader issue with browser extensions and "free" services. When a company offers a free product, they need to monetize somehow. In Honey's case, the monetization allegedly came at the expense of content creators and potentially consumers who weren't getting the best deals.
As cybersecurity professionals, we encourage everyone to think critically about the tools they install and the permissions they grant. A few dollars in savings isn't worth compromising your privacy or supporting practices that harm the creator economy.
Sources
Need Help With Your IT?
Our team of experts is ready to help you implement the strategies discussed in this article. Whether you need cybersecurity assessments, cloud migration support, or managed IT services, we're here to help.