Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames

Found on Bleeping Computer on Thursday, 28 December 2017

This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers, login managers that allow browsers to remember a user's username and password for specific sites and auto-insert it in login fields when the user visits that site again.

Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information.

Letting the browser store all your passwords has never been a good idea because it opens you to all sorts of attacks, not to mention that, in case you mess up your profile, you're in a world of tears. The first thing to do after a browser install is to disable its password manager so you are not at the risk of being tracked and having your login information stolen.

Browse all articles« Previous « » Next »