Your browser’s autofill data can be hacked – here’s what you need to do

It’s no secret that we value convenience in this fast-paced, modern day world. Virtually everything can be done with the click of a button and help from things like autofill can expedite the process.

The autofill option is nice for convenience’s sake, but we all know that our information is never truly secure on the ol’ World Wide Web. And, much like issues people have had with accounts getting hacked into, autofill data on browsers can be phished.

How are they getting this information?

Finnish web developer and hacker, Viljami Kuosmanen, saw the phishing in action and released a demo of the hacking on GitHub. In laymen’s terms, what he discovered was that phishing sites will have text boxes where you enter information such as your name or email address.

However, when you choose to have your browser’s autofill settings fill in your information, the site will use hidden boxes to gain autofilled information that you are unaware you’re releasing.

This information can include things like your address, phone number, or credit card number. To combat this, avoid sharing personal information as well as using tools such as LastPass on sites that you are unsure of whether or not they can be trusted.

To avoid this altogether, you can turn off the autofill settings in your browser.

On Chrome, select the three-dot “More” button in the top right > then Settings > then Show advanced settings > then uncheck “Enable Autofill to fill out web forms in a single click” listed under “Passwords and forms.”

On Safari, select Preferences > AutoFill > then deselect all of the information types that you want Safari to automatically fill. On Opera, select the Opera button, then Settings > then Privacy & security > then scroll down to “Autofill” > and uncheck “enable auto-filling of forms on webpages.”

Firefox does not currently have a multi-autofill system, making it unsusceptible to the phishing issue.