Website trackers log emails and passwords even before you click “Submit”
This data collected without their consent may contain sensitive or personal information, which could later be used for targeted advertising and sometimes for malicious purposes. the study titled “Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission” was conducted by academic researchers with a sample of 100,000 of the world’s top-ranking websites, representing a total of 2.8 million pages .
About 3% of websites store emails and passwords
With the help of a website crawler, the research team found these results. While most users think that websites only save what they type when they submit them, as many as 2,950 of the 100,000 sites sampled did more than that. About 3% of the time, trackers collect data from the moment users start typing in the form.
Websites use these tracers for several reasons, but they are mainly used to personalize user navigation and to collect information on visitor activity. Trackers let website developers know what kind of content users are engaging with. But third-party trackers help advertisers ensure that the ads users see are targeted to things they’re more likely to buy.
Third-party website trackers record keystrokes
The researchers attached a machine learning classifier to the tracker. This classifier was previously trained to detect email and password fields and intercept any possible script access to these fields.
It seems that several third-party trackers use scripts that keep track of keystrokes as users type into the form. If trackers log information before users submit it, some of them might be able to access email addresses and passwords without users’ consent.
How to protect your email and password?
According to the researchers, these issues affect a small number of trackers, but they’re quite prevalent across the web. The most common trackers found in the search were LiveRamp (662 websites), Taboola (383), Verizon (255), and Bizible (191). These trackers were found on sites where users’ email addresses were registered. Speaking of cracking passwords, Yandex was the biggest culprit.
The main highlights of the study have been published by the researchers with a more technical version for people who want to know more about the subject. It was first shared by beeping computer. It is imperative to note that half of these tracking companies responded to the researchers and claimed that the data collection was unintentional.
To protect yourself from these website trackers, it is best to disable third-party trackers once and for all. This can be done through browser settings. It is also recommended to change your password frequently. Password managers could be a great tool for juggling multiple passwords that change regularly.