Auto-fill Phishing Exploit


We all know the dread of filling out long web forms online. Chrome, Safari and even LastPass include form-autofill features. While the feature is beneficial in many cases, it may also disclose sensitive information to those with malicious intent.

A white hat by the name of Viljami Kuosmanen created a GitHub repo showing how sites can collect this saved autofill data without the user knowing. The proof-of-concept demo website shows a form with only two fields. Once the form is submitted, the website outputs all of the autofill data that was filled into invisible fields without your knowledge.


These types of phishing attacks can obtain information such as a person’s address, credit card number, security code, and expiration date. Firefox is one of the only browsers that is safe from this type of attack, as it requires autofill data to be chosen for each box individually.
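For anyone reviewing a page's markup, the sketch below is an added example (not code from Kuosmanen's repository) that flags form fields which request address or card autofill data while being concealed from view. It assumes concealment is done with the `hidden` attribute or inline styles only; the style patterns, the token list and the sample markup are constructed for illustration, and stylesheet rules are not resolved.

```python
import re
from html.parser import HTMLParser

# Standard HTML autocomplete tokens for the data the article lists.
SENSITIVE = {"tel", "street-address", "postal-code", "cc-number", "cc-csc", "cc-exp"}
# Heuristic inline-style patterns that take an element out of view (assumed list).
CONCEALED = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)"
    r"|(left|top|margin-left|margin-top)\s*:\s*-\d{3,}px", re.I)
VOID = {"input", "br", "img", "hr", "meta", "link"}

class AutofillAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, concealed) for every open ancestor
        self.findings = []  # (field name, autocomplete token)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        here = "hidden" in a or bool(CONCEALED.search(a.get("style", "")))
        concealed = here or any(c for _, c in self.stack)
        if tag in ("input", "select", "textarea") and concealed:
            # type=hidden and buttons are not user-editable fields; skip them.
            if a.get("type", "text").lower() not in ("hidden", "submit", "button"):
                self.findings += [(a.get("name", ""), t)
                                  for t in a.get("autocomplete", "").lower().split() if t in SENSITIVE]
        if tag not in VOID:
            self.stack.append((tag, concealed))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]   # pop back to the matching open tag
                break

def concealed_autofill_fields(html):
    audit = AutofillAudit()
    audit.feed(html)
    return audit.findings

# Constructed markup standing in for a page under review.
SAMPLE = """<form method="post">
  <input name="name" autocomplete="name">
  <input name="email" autocomplete="email">
  <div style="position:absolute; left:-5000px">
    <input name="address" autocomplete="street-address">
  </div>
  <input name="cc" autocomplete="cc-number" style="opacity:0">
</form>"""
```

Running `concealed_autofill_fields(SAMPLE)` reports the `address` and `cc` fields and leaves the two visible fields alone.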

The team at Google was notified of this security breach back in 2013, but to this day there have been no updates to fix this potentially harmful exploit.

Tome Verbic