Is it safe to use Honey extension in 2026?

Honey (owned by PayPal) won't compromise your passwords or financial accounts. However, a 2024 investigation and class-action lawsuits raised concerns that go beyond traditional 'safety': Honey was alleged to override affiliate links (taking commissions from content creators who referred you to a store) and to show users only the coupons that maximized Honey's own revenue — not necessarily the best deals. Whether you consider this 'safe' depends on your definition.

Why did Honey get sued?

In late 2024, content creators and consumers filed class-action lawsuits against PayPal and Honey. The core allegations: (1) Honey was hijacking affiliate links, replacing influencer tracking links with its own to steal commissions from creators who drove shoppers to retailers; (2) Honey's coupon-finding algorithm was deliberately showing users lower-value coupons that generated more revenue for Honey, rather than the highest-value discounts available.

Does Honey sell your data?

Honey's privacy policy (as a PayPal subsidiary) allows it to collect your browsing behavior, purchase history, and shopping patterns. This data is shared within the PayPal ecosystem and used for targeted advertising. Honey doesn't 'sell' your data to third parties in the traditional sense, but it does monetize it internally. If data privacy is a concern, browser-extension-free alternatives like SaveClub collect significantly less browsing data.

What browser extensions are safer than Honey?

Capital One Shopping is the most trusted Honey alternative — it's owned by a major regulated bank with stricter data practices and has not faced the affiliate manipulation allegations that Honey has. Rakuten's browser extension is another established option. For shoppers who want to avoid browser extensions entirely, SaveClub offers cashback savings without requiring any extension installation, eliminating browser data collection concerns altogether.

Cashback Apps · 2026

Is the Honey Extension Safe? What Happened in 2026

April 3, 2026 9 min read Updated after 2025 lawsuits

PayPal's Honey browser extension was caught systematically replacing affiliate commissions — stealing revenue from YouTubers and publishers who sent you to a retailer. Here's what actually happened, what the lawsuits say, and whether you should still use it in 2026.

TL;DR

What happened: The MegaLag investigation (Dec 2024) proved Honey overwrites affiliate cookies, redirecting commissions from creators to itself.
Lawsuits: Multiple class-action suits filed in early 2025 against PayPal/Honey, citing deceptive practices and unjust enrichment.
Is it safe in 2026? It won't steal your passwords — but it tracks every page you visit and has demonstrated it will prioritize its own revenue over transparency.
Best alternative: SaveClub — no browser extension, weekly payouts, no cookie manipulation. Full comparison here →

What Is Honey, Exactly?

Honey is a browser extension, owned by PayPal since a $4 billion acquisition in 2020, that automatically applies coupon codes at checkout. The pitch is simple: install the extension, shop as normal, and Honey pops up at checkout to find discount codes. It earns affiliate commissions when users make purchases through its tracked links, then shares a portion back to users in the form of "Honey Gold" points.

At its peak, Honey had over 17 million active users and was one of the most-installed browser extensions on Chrome and Firefox. Sponsored by virtually every major YouTuber for several years, it felt like an obvious, free add-on. The problem, as a December 2024 investigation revealed, was that "free" came with hidden costs — for creators, publishers, and users who never knew.

What Actually Happened: The MegaLag Exposé

In December 2024, YouTuber MegaLag published a video investigation titled "Exposing Honey's Sneaky Scam." It spread quickly — tens of millions of views in the first week — and the details were damning.

How Affiliate Commissions Work (The Background)

When a content creator includes an affiliate link to a retailer — say, recommending a product and linking it with their creator code — they earn a commission if the viewer purchases. The commission attribution uses "last-click" tracking: whichever affiliate link was clicked most recently before checkout gets credit for the sale.

This is the foundation of the creator economy. A YouTuber with 500,000 subscribers driving $2M in annual retail sales earns a meaningful income from those affiliate commissions. It's not a rounding error — for many creators, it's their primary revenue stream.

What Honey Was Actually Doing

When Honey's extension is active and a user arrives at a retailer's checkout page — regardless of how they got there, including through a creator's affiliate link — Honey triggers and applies its own tracking code. This overwrites the last-click attribution, replacing the creator's affiliate cookie with Honey's.

The retailer pays the commission to Honey instead of the creator. Honey pockets the commission (or shares a small fraction back as Honey Gold). The creator gets nothing, despite having sent the customer to the retailer in the first place.

⚠ The Core Problem

Every time a Honey user purchased through a creator's affiliate link, the creator lost their commission — without either party knowing. The user thought they were getting a coupon. The creator thought they were earning commissions. Only Honey knew both were wrong.

MegaLag's investigation documented this behavior with screen recordings, network analysis, and direct communication with affected creators. The video cited multiple major YouTubers — including some with tens of millions of subscribers — who had unknowingly been underpaid for years due to Honey's attribution replacement.

Timeline: The Scandal Unfolds

December 2024

MegaLag Investigation Goes Viral

The exposé reaches 30M+ views. Major tech publications cover the story. Honey begins losing users at scale. Several major YouTubers publicly cut ties with Honey sponsorships, some offering refunds to their audiences for past promotions.

January 2025

PayPal Responds — Partially

PayPal issues a statement saying Honey operates within industry norms and complies with affiliate network policies. The statement does not deny the last-click replacement behavior, instead framing it as standard practice. Critics note this is technically true — the practice is widely used — but that doesn't make it disclosed or ethical.

February 2025

Class-Action Lawsuits Filed

Law firms file class-action suits in multiple U.S. jurisdictions on behalf of consumers, creators, and publishers. Claims include unjust enrichment, deceptive trade practices, breach of implied contract, and violations of California's consumer protection laws (CCPA, UCL). The suits collectively represent millions of affected parties.

Mid-2025

User Exodus Accelerates

Honey's Chrome Web Store rating drops sharply as negative reviews reference the scandal. Competitor cashback apps see significant signup spikes. PayPal's earnings calls begin acknowledging Honey as a challenged asset.

2026 (Ongoing)

Lawsuits in Discovery Phase

The class-action litigation is ongoing as of April 2026. No settlement has been announced. Honey continues to operate but with significantly reduced trust, reduced sponsorship visibility, and ongoing regulatory scrutiny.

Is the Honey Extension Safe to Use in 2026?

This depends on what you mean by "safe." Let's separate the categories clearly:

1. Will It Steal Your Password or Financial Data?

No. There's no credible evidence Honey harvests passwords, payment card numbers, or login credentials. It's not malware in the traditional sense. If your question is "will Honey compromise my bank account?" — the answer is almost certainly no.

2. What Data Does It Actually Collect?

A lot more than most users realize. Because it's a browser extension, Honey has access to pages you visit, items you browse, your purchase behavior, and retailer interaction data. As part of the PayPal ecosystem, this data feeds into one of the largest commercial payment data networks on earth.

Data Type	What Honey Collects	Risk Level
Browse History	Pages visited on retail/shopping sites when extension is active	Medium
Purchase Data	Items purchased, order amounts, retailers, timestamps	High
Cart Contents	Items added/removed from shopping carts across retailers	High
Coupon Search Behavior	Which retailers you check, which coupons you apply	Medium
PayPal Account Integration	Purchase history linked to PayPal identity if you're logged in	High
Password / Banking Data	Not collected (no evidence of harvesting credentials)	Low

The privacy concern isn't that Honey will drain your bank account. It's that you're trading a significant amount of behavioral data for modest savings — and doing so with a company that has now demonstrated it will prioritize its own revenue over transparency with users and creators.

3. Should You Trust Honey After the Scandal?

That's the harder question. The affiliate replacement behavior wasn't an accident or a bug — it was a fundamental feature of Honey's business model that operated for years without disclosure. PayPal acquired Honey knowing this model existed. The company defended it when exposed.

Context

Last-click attribution replacement is technically permitted under many affiliate network terms of service. This is an industry-wide issue, not unique to Honey. But Honey was the largest, best-known actor doing this at scale — and it actively marketed itself to creators as a tool that would complement their affiliate income, while doing the opposite.

The practical answer: Honey poses minimal security risk to your personal data in the traditional sense. But you're trusting an extension with broad browser permissions to a company that spent years extracting value from its own distribution partners without disclosure. If that's not your definition of "safe," that's reasonable.

The Best Honey Alternatives in 2026

The good news: you don't need Honey to save money on online purchases. Several alternatives offer better payouts, better privacy, and none of the controversy.

#1 SaveClub

Pays Every Friday No Extension Needed 150,000+ Stores

SaveClub is the cleanest Honey alternative for one reason above all others: no browser extension required. You activate cashback by clicking through the SaveClub portal before shopping — no persistent background process, no browsing data harvested, no cookie manipulation.

Payouts happen every Friday with no minimum threshold. That contrasts sharply with Honey Gold's points-to-PayPal conversion system, which involves holding periods and redemption friction. With SaveClub, cash lands in your account weekly, automatically.

Coverage spans 150,000+ stores across every major category: Amazon, Walmart, Target, Nike, Apple, travel, hotels, subscriptions. The affiliate attribution is transparent — no last-click replacement, no cookie swapping. If you clicked through SaveClub, that's where the commission goes.

Best for: Anyone who wants meaningful cashback without a browser extension, weekly payouts, and a clean privacy story. See the full SaveClub vs Honey comparison →

#2 Rakuten

Free Quarterly Payout

Rakuten is the most direct Honey replacement in terms of retail coverage and portal-style cashback. It has no affiliate attribution scandal and generally operates transparently within the affiliate marketing ecosystem. The major drawback is payout speed: Rakuten pays quarterly (60–90 days), mailing a check or PayPal transfer every three months, with a $5 minimum.

If you want a known, established alternative and payout speed doesn't bother you, Rakuten is a solid choice. If you're switching from Honey specifically because the "waiting to get paid" model frustrates you, Rakuten solves the ethics problem but not the cash-flow problem.

Best for: High-volume online shoppers who want reliable cashback and don't mind quarterly payouts. Compare SaveClub vs Rakuten →

#3 Capital One Shopping

Free Browser Extension

Capital One Shopping (formerly Wikibuy) is the most direct functional replacement for Honey — it's a browser extension that automatically applies coupons at checkout. It does not have the same affiliate replacement controversy as Honey, but it's worth noting: as a browser extension, it has the same structural access to your browsing data.

The savings credits take 90+ days to be confirmed and have a $25 minimum withdrawal. The coupon application is automatic and genuinely useful. Better UX than Honey. Same privacy trade-off inherent to any browser extension.

Best for: Users who specifically want an auto-coupon extension and are comfortable with Capital One's data practices.

#4 Ibotta

PayPal / Venmo Free

Ibotta focuses on grocery, household, and CPG cashback — a category where Honey's retail extension model doesn't compete well anyway. It has no browser extension (it's an app), offer-based redemptions at major grocery chains, and pays out via PayPal, Venmo, or gift card. $20 minimum withdrawal.

If a significant portion of your purchases are groceries and household goods, Ibotta fills a genuine gap. It doesn't directly replace Honey for online retail, but as part of a cashback stack it's a strong complement.

Best for: Grocery shoppers who want app-based cashback without browser extension privacy concerns.

What You Should Do Right Now

If you currently have Honey installed, here's a practical checklist:

Action Checklist

Remove the extension: Open Chrome/Firefox extension manager, find Honey, click Remove. This stops all data collection immediately.
Revoke PayPal data sharing: Log into PayPal → Settings → Data & Privacy → Connected Apps, and revoke Honey's data access if it appears.
Replace it with a portal: Sign up for SaveClub. Bookmark the portal. Start sessions there instead of going directly to Amazon or your retailer.
No extension = better privacy: Portal-based cashback gives you the savings without the persistent browser process. The habit change (click portal → shop) takes two minutes to form.

The Bottom Line

The Honey extension is not a virus or a password stealer. But it spent years systematically replacing the affiliate commissions of the very creators who promoted it, without disclosure, at scale — while collecting behavioral purchase data for one of the world's largest payment companies.

In 2026, with lawsuits ongoing and trust broken, it's hard to make a case for keeping it installed. The savings it provides are real. But so are the alternatives. And the alternatives don't come with a multi-year history of undisclosed revenue extraction from the ecosystem around them.

The browser extension model for cashback has a structural privacy cost: a persistent process with read access to your browsing behavior. Portal-based cashback — clicking through a site before you shop — achieves the same outcome without that cost.

Honey's scandal didn't just expose one bad actor. It exposed a question worth asking about any cashback extension: whose interests is this actually optimized for? Demand a clear answer before installing anything in your browser.