Your browser might be inadvertently giving away your information to unscrupulous phishers using hidden text boxes on sites. Beware!
A new report reveals that the identity of internet users may be at risk even on browsers most deem the safest. The Guardian reports that Finnish web developer and hacker Viljami Kuosmanen discovered that several web browsers, including Google's Chrome, Apple's Safari and Opera, as well as some plugins and utilities such as LastPass, can be tricked into giving away a users personal information through their profile-based auto-fill systems.
Kuosmanen discovered that when a user attempts to fill in information in some simple text boxes, such as name and email address, the autofill system, will input other profile-based information into any other text boxes even when those boxes are not visible on the page. Not visible? Now, that's concerning.
The article further explains that when a user inputs seemingly innocent, basic information into a site, the auto-fill system could be giving away much more sensitive information simultaneously. Chrome's auto-fill system, which is switched on by default, stores data on email addresses, phone numbers, mailing addresses, organizations, credit card information and various other bits and pieces.
Kuosmanen set up a site to demonstrate the issue, showing a text box for a user's name and email address, with text boxes for address and phone number hidden from view, auto-filled by Chrome.
Mozilla's Firefox seems to be immune to the problem so that serves as a safer option. Users can protect themselves from this kind of phishing attack by disabling the auto-fill system within their browser or extension settings.
Original article by The Guardian / TRUNEWS summary.