google-site-verification: google30a059f9a075f398.html

Web Tracking Threat Could Raise the Risk of Cybersecurity Breaches, Researchers Find

CuberWisdom Commentary:

What is most likely to be an overlooked story from securityintelligence.com describes an interesting possible hidden threat. This vulnerable threat exists in browsers autofill the fields in these hidden forms with login information, such as username and passwords, without the user’s knowledge.

The researchers at Princeton’s Center for Information Technology Policy found evidence that web tracking firms secretly insert hidden login forms on sites, reported Bleeping Computer. The managers used by browsers autofill the fields in these hidden forms with login information, such as username and passwords, without the user’s knowledge.

Experts have long warned about the potential security risk associated with the autofill function in browsers. However, the Princeton researchers are the first experts to provide evidence of this vulnerability being used to track individuals on the web. They also created a demo of the hidden form that allows users to see the flaw in action.

Brave is the only major browser that is not susceptible to the threat of username and password disclosure. While chromium-based browsers delay the release of a password until the user interacts via a click, this is not a strong form of protection.

Detailing the Evidence

The Princeton researchers reported in a blog post that they found two web tracking services, Adthink and OnAudience, that use secret login forms to collect sensitive user details. These services have collected details via embedded tracking scripts across 1,110 websites.

 

Home > News > Researchers at Princeton University recently warned that web tracking firms can abuse password mechanisms to steal usernames and email addresses, increasing the risk of cybersecurity breaches. The most commonly used browsers, such as Chrome, Safari and Firefox, include a login manager to save and autofill usernames and passwords when individuals visit a site. The researchers discovered that web trackers can abuse this auto-insertion technique and collect sensitive information covertly. While abuse of the flaw appears limited so far, IT managers and users should be alert to the risk and apply any techniques that can help limit the potential threat of cybersecurity breaches. The researchers at Princeton’s Center for Information Technology Policy found evidence that web tracking firms secretly insert hidden login forms on sites, reported Bleeping Computer. The managers used by browsers autofill the fields in these hidden forms with login information, such as username and passwords, without the user’s knowledge. Experts have long warned about the potential security risk associated to the autofill function in browsers. However, the Princeton researchers are the first experts to provide evidence of this vulnerability being used to track individuals on the web. They also created a demo of… Engaging post, Read More…

thumbnail courtesy of securityintelligence.com.

If you like to receive more of these curated news alerts then subscribe to my mailing list.

 

Add a Comment

Your email address will not be published. Required fields are marked *