{"id":444576,"date":"2022-05-16T15:33:27","date_gmt":"2022-05-16T13:33:27","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=444576"},"modified":"2022-05-16T15:36:03","modified_gmt":"2022-05-16T13:36:03","slug":"top-websites-hosted-keylogger-scripts-that-grab-data-before-you-click-submit","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/internet\/444576-top-websites-hosted-keylogger-scripts-that-grab-data-before-you-click-submit.html","title":{"rendered":"Top websites hosted keylogger scripts that grab data before you click submit"},"content":{"rendered":"<p>A <strong><a href=\"https:\/\/homes.esat.kuleuven.be\/~asenol\/leaky-forms\/\" target=\"_blank\" rel=\"noopener\">study<\/a><\/strong> conducted by researchers from KU Leuven, Radboud University, and the University of Lausanne found that 1,844 top websites collected European users&#8217; email addresses without their consent.<\/p>\n<p>They also found that 2,950 of them automatically logged the email addresses of US users in some form.<\/p>\n<p>The researchers noted that it is not the website itself logging the data in most cases but third-party marketing and analytics services.<\/p>\n<p>&#8220;If there&#8217;s a Submit button on a form, the reasonable expectation is that it does something \u2014 that it will submit your data when you click it,&#8221; Ars Technica <strong><a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/05\/some-top-100000-websites-collect-everything-you-type-before-you-hit-submit\/\" target=\"_blank\" rel=\"noopener\">quoted<\/a><\/strong> one of the study leaders, G\u00fcne\u015f Acar, as saying.<\/p>\n<p>&#8220;We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.&#8221;<\/p>\n<p>The team analysed the top 100,000 websites, comparing scenarios for users connecting from the EU and US.<\/p>\n<p>While analysing websites, the research team found 52 websites through which third parties were collecting password data before submission.<\/p>\n<p>The third parties included the Russian tech company Yandex. However, the issues have been resolved since the research team notified the websites of its findings.<\/p>\n<p>According to the study, email addresses are collected via means similar to a keylogger \u2014 a malicious program that records what a user types.<\/p>\n<p>However, the researchers noted that it varied between websites, with some recording keystroke by keystroke and others grabbing complete submissions.<\/p>\n<p>Asuman Senol, another researcher on the team, added that some sites grab the data you have entered when you click on the following field.<\/p>\n<p>The group also discovered that Meta Pixel and TikTok Pixel \u2014 marketing trackers embedded on websites to track users and show them ads \u2014 were grabbing hashed email addresses.<\/p>\n<p>Both marketing trackers&#8217; documentation claims\u00a0that customers had to switch on &#8220;automatic advanced matching&#8221; to trigger data collection when a user submits a form.<\/p>\n<p>However, the researchers found that for US users, 8,438 sites were potentially leaking data to Meta, and 7,739 sites may be affected for EU users.<\/p>\n<hr \/>\n<h3 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/internet\/444134-new-rules-for-za-domains-a-smokescreen-money-grab.html\" target=\"_blank\" rel=\"noopener\">New rules for .ZA domains a &#8220;smokescreen money-grab&#8221;<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Some of the top websites in the world may host trackers that collect your data before hitting submit on a form.<\/p>\n","protected":false},"author":341076,"featured_media":444582,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,27],"tags":[20473,78420,43128,78406,73842,59100,78408,9033],"class_list":["post-444576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet","category-security","tag-data-privacy","tag-gunes-acar","tag-keylogger","tag-meta-pixel","tag-meta-platforms","tag-tiktok","tag-tiktok-pixel","tag-yandex"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/444576"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=444576"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/444576\/revisions"}],"predecessor-version":[{"id":444660,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/444576\/revisions\/444660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/444582"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=444576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=444576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=444576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}