Tuesday, March 31, 2020
No menu items!

How Advertisers Secretly Steal Your Login Details

Must Read

Coronavirus Pushes Leading Economies Towards Recession

Every month of coronavirus lockdown will slash 2% in annual GDP growth of the world’s major economies, according to...

Huge Surge In Usage Won’t Impact Broadband

Thousands of people are being forced to work from home but will power supplies, broadband and mobile phone services...

Wim Hof Featured In The UK’s EU Song Contest Video

Legendary Ice Man Wim Hof is a star extra for Britain’s Eurovision Song Contest hopeful James Newman. Hof appears in...

Ever wondered why you those pesky adverts follow you around the internet after you have searched for something to buy online?

One reason is ad spammers are stealing your email address without you knowing with secret forms.

A team of web researchers have revealed that online advertisers harvest email address and search information when you autocomplete a form with your browser’s password manager.

The data can help the admen track you across the web and to build a profile of your online likes.

The team from America’s prestigious Princeton University have detected the code to harvest email addresses on more than a thousand high-traffic web sites.

Abusing the password manager

The code spoofs your browser password manager to populate an invisible form and to send the data to a database.

The researchers explained that the main fear was hackers stealing passwords from web sites – but no evidence of malicious code to grab online access code was found across 50,000 servers.

“All major browsers have built-in login managers that save and automatically fill in username and password data to make the login experience more seamless. The set of heuristics used to determine which login forms will be auto filled varies by browser, but the basic requirement is that a username and password field be available.

“Login form auto filling in general doesn’t require user interaction; all of the major browsers will autofill the username, which is often an email address, immediately, regardless of the visibility of the form,” said the researchers.

The offending web services

“Google Chrome doesn’t autofill the password field until the user clicks or touches anywhere on the page. Other browsers we tested don’t require user interaction to autofill password fields.

“Third-party JavaScript can retrieve the saved credentials by creating a form with the username and password fields, which will then be auto filled by the login manager.”

The main script abusing password managers is Adthink – which was hiding on 1047 web sites under an audienceinsights.com web address. The other is OnAudience, which was on 63 sites as behaviouralengine.com.

The researchers suggest switching off automatic login is the best defence.

The scripts were found on a range of popular browsers, including Firefox, Chrome, Internet Explorer, Edge and Safari.

Click here for a full list of web sites with the tracking code

>

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Coronavirus Pushes Leading Economies Towards Recession

Every month of coronavirus lockdown will slash 2% in annual GDP growth of the world’s major economies, according to...

Huge Surge In Usage Won’t Impact Broadband

Thousands of people are being forced to work from home but will power supplies, broadband and mobile phone services cope? The response from utility firms...

Wim Hof Featured In The UK’s EU Song Contest Video

Legendary Ice Man Wim Hof is a star extra for Britain’s Eurovision Song Contest hopeful James Newman. Hof appears in the video for the song...

Harvey Weinstein Faces Jail After Rape Charge Convictions

Movie mogul Harvey Weinstein’s fall from grace was completed when a jury at the New York  Supreme Court found him guilty of rape. Weinstein was...

Manchester City Set To Appeal Ban From Europe

The world of football is waiting with bated breath to see if Manchester City lodges an appeal against a two-year ban from European football. The...

More Articles Like This