Beware of Browser Autofill and Password Managers - They Can Leak Your Personal Data

Advertisement
By Shekhar Thakran | Updated: 11 January 2017 19:12 IST
Highlights
  • Firefox is currently secure against this attack
  • Information for hidden boxes can be retrieved from autofill system
  • Chrome has the option switched on by default

We all like to use the autofill and built-in password manager features offered by Internet browsers as well as some third-party password managers in order to save time and avoid the trouble of remembering dozens of credentials. However, a new phishing attack might make you think twice before using the feature again. The phishing attack, discovered by a Finnish Web developer and hacker, tricks browsers as well as password managers into giving away users' credentials using a fairly simple trick.

Finnish Web developer and hacker Viljami Kuosmanen has found that Google's Chrome, Apple's Safari, as well as Opera, and password manager app LastPass, can all be tricked into leaking a user's personal information through their profile-based autofill systems, reports The Guardian. Kuosmanen discovered that whenever a user tries to fill up a form on the webpage, the autofill systems fill up the boxes even if they are not visible on the page.

Advertisement

 

This is why I don't like autofill in web forms. #phishing #security #infosec pic.twitter.com/mVIZD2RpJ3

— Viljami Kuosmanen ⭐ (@anttiviljami) January 4, 2017

 

This effectively means that while filling up the forms, the autofill system can potentially give away users' sensitive information if they confirm the autofill - even if only for a few visible fields. Chrome browser's autofill option is switched on by default and stores information such as email addresses, phone numbers, credit card information etc., as pointed out in the report.

Interestingly, Kuosmanen has also made a website to demonstrate how the process works. The webpage asks users to write their name and email address and has the boxes for mobile number and address hidden from plain site - the browser then proceeds to autofill this additional information without knowledge of the user.

Advertisement

As Firefox browser autofills each field individually, it is protected against this kind of an attack but the company is apparently working on a multi-field autofill system as well.

In order to ensure protection against such a phishing attack, users are advised to switch off the features from their browser

 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Autofill Exploit Phishing Attack, Internet Browsers, Google Chrome, Apple Safari, Opera Browser, LastPass, Password Managers, Internet Security, Phishing Attack
Windows 10 Preview Build Brings Dynamic Lock That Locks Your PC When You Move Away: Report
Nokia 6 Price, Launch Date Revealed; More Android Smartphones Expected on February 26
Advertisement
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Vivo V70 Lite 5G Silently Launched in Select Markets With These Features
  2. iQOO Neo 12 Tipped to Offer Major Display Upgrade Over Predecessor
  3. Infinix Smart 20 vs Lava Bold N2 5G vs Redmi A7 Pro 5G: Here Is a Quick Comparison
  4. WhatsApp Users on iOS Are Finally Getting Access to This Useful Feature
  5. Vivo X300 FE, iQOO 15R and More Discounted During Amazon Mega Deal Days Sale
  6. New Leak Shows Us What Apple's Foldable iPhone Might Look Like
  7. How to Watch WWDC 2026 Live on YouTube, Apple TV, and More
  8. Vivo Y31s Launched in Malaysia With These Features
  9. Samsung Galaxy Watch Ultra 2, Watch 9 Visit China's 3C Ahead of Launch
  10. OnePlus Could Launch a New Budget Smartphone Lineup in India Soon
#Latest Stories
  1. Samsung Galaxy S26 FE Said to Ditch Matte Finish for a Glossy Rear Panel
  2. OnePlus N Series Tipped to Launch in India Next Month, Could Be More Affordable Than the OnePlus Nord CE 6 Lite
  3. Vivo Y31s 5G Launched With Snapdragon 4 Gen 2 Chip, 6,500mAh Battery: Price, Specifications
  4. Chinese Court Classifies Bitcoin as Property in Case Involving 107 BTC Theft
  5. Resident Evil Veronica Revealed at Summer Game Fest; Launch Set for 2027
  6. iQOO Neo 12 Said to Bring Major Display Upgrade With Up to 185Hz Refresh Rate
  7. Samsung Galaxy Watch Ultra 2, Galaxy Watch 9 Clear Key Regulatory Hurdle Ahead of Anticipated Launch
  8. Microsoft Reportedly Working on Shared Audio Feature on Windows 11 Alongside Tweaked Widgets
  9. Redmi K100 Specifications Leak Again; May Feature 185Hz Display, 8,500mAh Battery
  10. WhatsApp Multi-Account Support on iOS Reportedly Rolling Out to More Users
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.