Come across this today, Copied and pasted
"It turned out that a number of web browsers, including Google’s Chrome, Apple’s Safari, Opera, as well as browser plugins and utilities like LastPass can leak your private information through hidden text boxes due to autofill feature, which might be inadvertently giving away your data to phishers.
A Finnish web developer has found out that certain browsers, including Chrome, Safari and Opera, along with certain extensions, can be tricked into leaking data through their profile-based autofill systems due to phishing attack. The latter is brutally simple: when you try to fill in information in some common text boxes, like name and email address, you browser autofill system will input other earlier saved information into other text boxes, even if you don’t see them on the page.
As such, when you input seemingly innocent information into a site, like you name, the autofill system could give away much more sensitive information if you confirm the autofill: for instance, Chrome’s autofill system (which is enabled by default) stores data on your credit card information. The developer even set up a special website to show how it works, demonstrating visible text boxes for a user’s name and email address, while text boxes for address and phone number were hidden from view but still autofilled by Google’s Chrome.
Good news for Firefox users: their browser is not affected, because it does not yet support a multi-box autofill and therefore can’t be tricked into automatic filling text boxes, according to Mozilla security engineer. Lagging behind here serves the good turn.
If you use one of the abovementioned browsers or plugins, you can protect yourself from this kind of phishing attack by disabling the autofill system in settings."
"It turned out that a number of web browsers, including Google’s Chrome, Apple’s Safari, Opera, as well as browser plugins and utilities like LastPass can leak your private information through hidden text boxes due to autofill feature, which might be inadvertently giving away your data to phishers.
A Finnish web developer has found out that certain browsers, including Chrome, Safari and Opera, along with certain extensions, can be tricked into leaking data through their profile-based autofill systems due to phishing attack. The latter is brutally simple: when you try to fill in information in some common text boxes, like name and email address, you browser autofill system will input other earlier saved information into other text boxes, even if you don’t see them on the page.
As such, when you input seemingly innocent information into a site, like you name, the autofill system could give away much more sensitive information if you confirm the autofill: for instance, Chrome’s autofill system (which is enabled by default) stores data on your credit card information. The developer even set up a special website to show how it works, demonstrating visible text boxes for a user’s name and email address, while text boxes for address and phone number were hidden from view but still autofilled by Google’s Chrome.
Good news for Firefox users: their browser is not affected, because it does not yet support a multi-box autofill and therefore can’t be tricked into automatic filling text boxes, according to Mozilla security engineer. Lagging behind here serves the good turn.
If you use one of the abovementioned browsers or plugins, you can protect yourself from this kind of phishing attack by disabling the autofill system in settings."