It was sending off URLs visited by the host machine. Browsing history, essentially, which could be benign except that when your machine is inside a corp network you might be visiting all kinds of internal resources with URLs that shouldn’t be public/with sensitive info included in the resource locator, GET/POST contents, etc
It would be nice to have an overview of what exactly was exported to know the impact of this breach (without having to use reveal(x) myself).