Days before Christmas, at the height of the last-minute holiday shopping rush, an ominous message appeared on Amazon.com. It warned shoppers who used a popular browser extension called Honey that the service, which promises to track prices and discount codes, was “a security risk.”

“Honey tracks your private shopping behavior, collects data like your order history and items saved, and can read or change any of your data on any website you visit,” the message read. “To keep your data private and secure, uninstall this extension immediately.” It was followed by a hyperlink where users could learn how to do so. Screenshots of the warning were posted to forums and social media by Honey users, like Ryan Hutchins, an editor at Politico.

Honey isn’t some obscure browser extension from an unknown developer. Founded in 2012, the Los Angeles-based startup now boasts over 17 million users. It finds discount codes to save shoppers money at tens of thousands of online retailers, including Amazon. In November, PayPal agreed to purchase Honey for an eye-popping $4 billion, its largest deal ever. The acquisition was completed this week.

Amazon’s warning, which began appearing on December 20, confused and angered many of Honey’s users, some of whom complained on its official social media channels. The browser extension has been compatible with Amazon since it was founded, and it is a significant part of Honey’s appeal. Amazon is one of the most popular retailers in the world and the place where most Americans begin when looking for a product online.

Amazon declined to explain why it decided to label Honey a security risk so suddenly last month. “Our goal is to warn customers about browser extensions that collect personal shopping data without their knowledge or consent,” a spokesperson for the company said in a statement. They declined to answer follow-up questions about the basis for that claim.

When people install the Honey extension in their browser, they consent to the company’s terms of use and privacy and security policy. While these kinds of agreements can be dense and difficult for the average person to interpret, Honey doesn’t appear to be collecting consumer information without asking, as Amazon implied to WIRED. Its privacy policy states that it doesn’t “track your search engine history, emails, or your browsing on any site that is not a retail website.”