
Security flaw in web browser autofill tools can steal your data


Web browsing can sometimes feel like navigating a huge minefield. It's filled with hidden foxholes, traps, and other tricky hazards that can catch you out when you least expect it.

These days, nothing seems safe online - there's always an enterprising hacker poking holes in every would-be stalwart system out there. Every day, it seems, another vulnerability is waiting to be discovered.

And who knew even one of the conveniences of modern browsers can be exploited to gather more information about you and even potentially steal your data?

Autofill flaw you need to know about

New findings from Princeton University reveal that advertising companies can exploit a flaw in the way browsers autofill web login forms and access the information saved within them.

You're most likely familiar with how autofill works. It's that time-saving convenience that automatically populates a website's fillable forms with your saved data, including your name, address, email and credit card information.

Here's how the exploit works. Ad companies can use web trackers to create invisible login forms in the background of web pages, then trick a browser's autofill manager into filling in the information without your knowledge.

This information can then be used to track your browsing habits from website to website and even from device to device for targeted advertising.

Although this flaw is currently being used for tracking users, the Princeton researchers stated that hackers can also exploit it to steal personal information such as usernames and passwords.

These are the culprits

The researchers revealed that two popular website tracking plugins, AdThink and OnAudience, are designed to exploit this flaw in autofill password managers to track data. This information is then submitted to big marketing firms and consumer data aggregators like Acxiom.

Although these plugins are programmed to harvest usernames, the researchers warned that there's currently nothing stopping them from stealing passwords too.

For now, the only fix is to change how browser password managers work by blocking plugins from accessing user information without permission.

To protect their users, the researchers also advise website publishers to be aware of what third-party plugins can do and exercise better control over what runs on their sites.
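For publishers who want to check their own pages for the invisible login forms described above, here is a small audit function. It is an added example, not code from the article or the Princeton researchers; the visibility heuristics, the field-name pattern and all function names are assumptions.

```javascript
// Added example (not from the article): flag credential inputs a user cannot see.
// The heuristics and all names below are assumptions for illustration.
function isCredentialField(el) {
  const type = (el.type || "").toLowerCase();
  const hint = `${el.name || ""} ${el.id || ""} ${el.autocomplete || ""}`.toLowerCase();
  return type === "password" || type === "email" || /user|email|login/.test(hint);
}

// Returns why the element is invisible, or null if it looks visible.
function invisibleReason(el, getStyle) {
  // Walk up the tree: a hidden or transparent ancestor hides the input too.
  for (let node = el; node; node = node.parentElement) {
    const style = getStyle(node);
    if (style.display === "none" || style.visibility === "hidden") return "hidden by CSS";
    if (parseFloat(style.opacity) === 0) return "fully transparent";
  }
  const rect = el.getBoundingClientRect();
  if (rect.width <= 1 || rect.height <= 1) return "collapsed to 1px or less";
  if (rect.right <= 0 || rect.bottom <= 0) return "positioned off-screen";
  return null;
}

function auditCredentialInputs(inputs, getStyle) {
  const findings = [];
  for (const el of inputs) {
    if (!isCredentialField(el)) continue;
    const reason = invisibleReason(el, getStyle);
    if (reason) findings.push({ field: el.name || el.id || "(unnamed)", reason });
  }
  return findings;
}

// Constructed sample standing in for DOM nodes so the check runs outside a browser.
const fake = (props, style, rect, parentElement) => ({
  ...props, parentElement,
  _style: { display: "block", visibility: "visible", opacity: "1", ...style },
  getBoundingClientRect: () => ({ width: 200, height: 30, right: 300, bottom: 100, ...rect }),
});
const hiddenForm = fake({}, { opacity: "0" }, {});
const SAMPLE_INPUTS = [
  fake({ type: "email", name: "login_email" }, {}, {}),                  // real, visible field
  fake({ type: "password", name: "pw" }, {}, {}, hiddenForm),            // inside a transparent form
  fake({ type: "text", name: "username" }, {}, { width: 0, height: 0 }), // zero-size field
  fake({ type: "text", name: "search" }, { display: "none" }, {}),       // hidden, but not a credential
];
const sampleStyle = (node) => node._style;
console.log(auditCredentialInputs(SAMPLE_INPUTS, sampleStyle));
// In a browser: auditCredentialInputs(document.querySelectorAll("input"), (n) => getComputedStyle(n));
```

A finding is a prompt to check which script inserted the field, since some sites hide form fields for legitimate reasons.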

Here's what you can do

While we wait for browser makers to investigate and hopefully fix this flaw, here's what you can do in the meantime.

You can start by clearing out all your browsing data, history, cache and cookies from your web browsers. Then disable or limit tracking on your gadgets and install anti-tracking browser extensions.

How to turn off browser autofill

Browser autofill features are really convenient but if you're worried about their privacy risks, you can turn them off.

To turn it off in Chrome, click the three vertical dots on the upper-right corner of your browser, select Settings, scroll down and click on "Show Advanced Settings" then uncheck "Enable Autofill to fill out web forms in a single click." Additionally, you can edit what information is being auto-filled by clicking "Manage Autofill settings."

If you're using Safari on a Mac, with the browser open, click on Safari on the menu bar, then click on Preferences and go to the Autofill section. Here you can select and uncheck the Autofill data that Safari uses.

Firefox users can click on the three horizontal stripes on the upper-right corner, select Options, go to Privacy, click on the "Firefox will:" drop-down box on the History section (it is set to "Remember history" by default) and select "Use custom settings for history." To prevent Firefox from storing autocomplete-form data, uncheck "Remember search and form history."
