Your browser’s autofill feature could hand your credit card number to criminals

There's a simple fix—but you're not going to like it.

Jan 10, 2017, 11:33 am

Tech

Andrew Couts 

Andrew Couts

Photo via PORTRAIT IMAGES ASIA BY NONWARIT/Shutterstock

Your browser may be handing your most sensitive information over to criminals. 

The problem, recently uncovered by Finnish developer Viljami Kuosmanen, lies in your browser’s autofill feature, which may divulge your personal information without you realizing it. And it affects Chrome, Safari, and Opera, as well as password managers that use autofill, like LastPass.

Designed to enter your data—name, address, email address, credit card numbers, and more—each time you fill out an online form, autofill features save time and help you avoid the tedious task of typing out your information. The problem, Kuosmanen found, arises if you find yourself on a malicious website without realizing it. 

Here’s how it works, according to Kuosmanen’s findings: A cybercriminal tricks you into entering information into an online form on a fraudulent website—say, a webpage that looks like an online retailer but is actually run by the criminal. When you start to fill in one piece of information, your other information saved in your browser’s autofill populates other text boxes, potentially handing that data over to the digital thief. Particularly nefarious cybercriminals can hide the text boxes, meaning you wouldn’t see the leak of your information happening.

Github

Of the browsers Kuosmanen tested, Firefox was the only one not affected by the autofill security bug simply because it does not currently include a multi-box autofill feature. However, Mozilla is currently working to add that feature, according the Guardian

The best way to avoid falling victim to this bug is to disable the autofill feature. Annoying? Sure—but it’s a whole lot less frustrating than having your bank account drained by some thief.

Share this article
Last updated Feb 28, 2020, 5:45 pm