skip to main content

2,652 shops listed | Last updated: 24 February 2018

Monitor Add a site

Password exploits leave consumers exposed to online ads

17 January 2018 - 10:54 by Mike Price

Share on

Hundreds of the world’s most popular websites have been found to contain scripts designed to nab account info from visitors and use it to tailor advertising, according to researchers from Princeton University.

The Independent reports that the sneaky code takes advantage of the fact that millions of people rely on browser-based password management solutions to keep track of the usernames and passwords they require to log into a whole range of sites, from social media to safe shopping online.

This all comes down to tricking browsers into entering username and password info outside of pages specifically designed for logging in. The ‘invisible’ login fields are set up on subsequent pages and the private data can be snatched, meaning that email addresses end up in the hands of third parties.

An individual’s email address is seen as especially valuable as unlike other identifying factors related to a person, it is not guaranteed to change over time. This means that web users can be tracked across multiple sites and advertisers can build up a picture of their habits, even if they clear the cookies from their browser or use an entirely different computer to access the internet.

The good news is that although this practice might be seen as unethical and problematic for a variety of reasons, the sites participating in it have not been shown to have stolen passwords. This may be a way of skirting along the edge of illegality without actually crossing it and drawing serious regulatory attention.

The exploitation of auto-complete features found in every major browser is clearly not acceptable and researchers are calling on developers to implement updates which will address this. In the meantime, carrying out safe shopping online only with reputable sites is the best way to steer clear of complications.