Consumers should be careful in filling out forms online especially those that require sensitive personal information like SSN, credit card numbers, address and the like. According to Viljami Kuosmanen, a security researcher, the Autofill flaw is something that should be taken seriously.
The Autofill function on many websites is equipped to paste sensitive information on concealed text boxes which allows scammers to steal users' information easily. This flaw affects autofill's function because normally, it already saves personal and sensitive information to avoid repetitive typing on various popular browsers like Apple's Safari and Google Chrome, sites or password managers. It also affects other applications such as plug-ins or add-ons on browsers.
The Autofill flaw starts when a user begins to input their personal details on a website like their names, addresses or contact number. The autofill will suggest having it pasted in another box which can be seen on the same page. When the user clicks on that suggested function, it immediately copies the information on these text boxes on the site itself. What's worse is that the credit card information may also be affected by this flaw.
To check on how the Autofill flaw works, Kuosmanen made a website where users will be asked to key in important information about themselves for his demonstrationn. However, it has hidden boxes where it will automatically fill it with address, phone number or organization which eventually will be stored. Viewers were able to see that their basic information was automatically posted to these concealed boxes.
The best protection that users can do is to avoid clicking on this feature until the flaw is fixed. Another possibility is to disable the autofill function by managing the security settings in the browser. Like for Chrome users, simply go to Settings > Advanced > then deselect the "Enable Autofill to fill out web forms in a single click" button. Although it does not affect Mozilla Firefox users because theirs are individually auto-filled, it is still important to be extra careful when logging in online.
See Now: OnePlus 6: How Different Will It Be From OnePlus 5?