Freelance journalist

Ron Alalouff is a journalist specialising in the fire and security markets, and a former editor of websites and magazines in the same fields.
March 12, 2018

NEW CYBER THREAT

How cybercriminals can build a web profile of you – from your browser

Routine and seemingly innocuous web browsing can put you firmly in the crosshairs of cybercriminals, according to research from California-based cybersecurity firm Exabeam.

Geolocation issues are just the tip of the iceberg when it comes to your browser security. Cybercriminals can build a web dossier about you, with information such as your location, working hours, bank details and applications used.

Even passwords used for different websites are there for the taking – all because of the way browsers are designed.

Web browsers store a large amount of personal information, partly because web developers use modern browsers to enhance user experience, while advertisers use these features to maximise the impact of their ads. The research shows the many ways criminals can build a web dossier of information stored on browsers.

In the first phase, researchers visited some of the most popular sites on the internet using a Firefox browser and crawling through the Alexa Top 1000 sites. They found that 56 websites stored some level of geolocation information about the user and 57 sites recorded the user’s IP address.

In the second phase, using Google Chrome, researchers wanted to discover what information on user accounts and actions could be found on local browser files. They were able to extract account user names, email addresses, search terms, titles of emails, documents viewed and downloaded files.

Moreover, where login details had been saved using the browser’s built-in password manager, researchers were able to extract those saved usernames and passwords on all the sites tested.

Criminals access this stored data using malware designed to harvest information stored in a browser. On shared computers or in shared workspaces, an unlocked computer is vulnerable to having browser data extracted in seconds using a USB drive, or by inserting malware.

“This isn’t a weakness of the website but rather of the default password managers built into web browsers,” says Exabeam. “For any website you visit, if you store your credentials in the Chrome password manager, your credentials would be available to criminals.”

The most important thing to do is to ensure you have endpoint protection, more commonly known as anti-virus software, on your computer.

Other counter-measures include incognito mode browsing, disabling all HTTP cookies, disabling third-party HTTP cookies, disabling autofill features, not saving login information on the browser, regularly clearing browsing artefacts, setting a master password when using the browser’s default password manager (not available in Chrome), and using a third-party password manager.

Exabeam offers the following advice: “Browsers store many artefacts to make browsing and buying on the web easier, but collectively this information can be mined, aggregated and used to create a profile many users may not realise. Ensuring endpoint protection and not leaving machines unlocked in public spaces are essential. Users should also consider changing browser settings to further protect their privacy.”

2 Comments

Alex
March 12, 2018 9:19 pm

Great article for spreading the awareness of Cybercrime. I learned a lot. Safety measures like browsing in Incognito mode, not saving passwords in browsers, disabling autofill etc. are a great way to counter it.

FerranTim
March 13, 2018 8:11 am

So, is it safe to use a password manager Chrome extension to store my accounts and passwords? I am using Cyclonis password manager. It’s free and good looking, so I decided to use it instead of the old one. Here’s the website https://www.cyclonis.com, FYI. Is it secure to use?
