The autofill feature in your web browser may leave you vulnerable to phishing attacks, according to reports.
A Finnish web developer named Viljami Kuosmanen discovered that when using autofill to fill out a form, certain browsers fill out a number of hidden fields.
If you use autofill to complete name and email fields, your browser may send other information associated with those fields – such as your mobile number, home address, or even credit card details.
Any information saved in autofill is potentially at risk of phishing when using the feature.
To demonstrate the security flaw, Kuosmanen set up a demo website which shows how much data is collected from your hidden autofill fields.
This is how the autofill flaw works in different browsers:
- Chrome: Automatically fills out web forms in a single click, submitting all linked form fields.
- Safari: Informs the user of all fields that will be submitted, including hidden fields.
- Firefox: Mozilla Firefox does not currently send hidden fields when submitting forms.
If you use data saved in your autofill settings on websites with questionable security, consider disabling the feature in your browser.