Your browser’s autofill feature could hand your credit card number to criminals

Hacker hands

Photo via PORTRAIT IMAGES ASIA BY NONWARIT/Shutterstock

There’s a simple fix—but you’re not going to like it.

Your browser may be handing your most sensitive information over to criminals. 

The problem, recently uncovered by Finnish developer Viljami Kuosmanen, lies in your browser’s autofill feature, which may divulge your personal information without you realizing it. And it affects Chrome, Safari, and Opera, as well as password managers that use autofill, like LastPass.

Designed to enter your data—name, address, email address, credit card numbers, and more—each time you fill out an online form, autofill features save time and help you avoid the tedious task of typing out your information. The problem, Kuosmanen found, arises if you find yourself on a malicious website without realizing it. 

Here’s how it works, according to Kuosmanen’s findings: A cybercriminal tricks you into entering information into an online form on a fraudulent website—say, a webpage that looks like an online retailer but is actually run by the criminal. When you start to fill in one piece of information, your other information saved in your browser’s autofill populates other text boxes, potentially handing that data over to the digital thief. Particularly nefarious cybercriminals can hide the text boxes, meaning you wouldn’t see the leak of your information happening.

Of the browsers Kuosmanen tested, Firefox was the only one not affected by the autofill security bug simply because it does not currently include a multi-box autofill feature. However, Mozilla is currently working to add that feature, according the Guardian

The best way to avoid falling victim to this bug is to disable the autofill feature. Annoying? Sure—but it’s a whole lot less frustrating than having your bank account drained by some thief.

Andrew Couts

Andrew Couts

Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.