Almost everyone today make use of our browser’s autofill feature without knowing its working in depth. From job applications to registering in various websites, autofill feature is a huge time saver.
When people fill in forms, browsers extend a helping hand in filling out regular fields like name, email, phone number, etc. It is proving to be very helpful in saving user’s time in filling these redundant fields and avoiding typos. A recent finding shows that these settings in browsers can spill confidential information to third party organisations without the consent of the user.
Security researcher Viljami Kuosmanen has made a proof-of-concept website which clearly demonstrates how a user can be easily fooled by these autofill settings. In his website, he created only 2 fields- name and email. It was found that he browser fills in the fields that are invisible to the user too. If a malicious third party website contains hidden fields to fetch the user’s credit card details, etc. the browsers autofill settings would fill in those and lead to data spilling.
To be safe from this privacy attack users can change the settings in their browser by disabling autofill option. By this, users must fill in all online forms 100% manually.
