Your security solution should be a silent eye watching over your actions, insuring you aren’t falling prey to miscreants online. But what if your anti-virus was watching you, and then selling that data to a third party?

A joint investigation by Motherboard and PC Mag has uncovered some alarming details about Avast.

The investigation found that an Avast antivirus was collecting data from users. That data was then used by another Avast subsidiary called Jumpshot and that’s when things get concerning.

Jumpshot reportedly repackaged that data and sold it as a variety of products to its clients. These products included something called an “All Clicks Feed”. This reportedly tracked a user’s behaviour, clicks and movement through websites.

Past clients of Jumpshot include Google, Microsoft, Pepsi, Condé Nast and many others.

The good news is that no personal information was included in this data but Motherboard reports that the amount of data could easily be used to identify certain users.

“A set of Jumpshot data obtained by Motherboard and PCMag shows how each visited URL comes with a precise timestamp down to the millisecond, which could allow a company with its own bank of customer data to see one user visiting their own site, and then follow them across other sites in the Jumpshot data,” reported Motherboard.

While users are given the option to opt out of data collection from the Avast antivirus, it’s clear that users weren’t informed as to how much data was collected.

Jumpshot states that its data is only meant to give insights into the types of products folks are looking at but the amount of data available for sale is concerning.

We highly recommend reading the full reports from both Motherboard and PC Mag for the details of the story.