LinkedIn fixes major bug in AutoFill plugin
LinkedIn joins the data privacy breach club after a researcher detected a major vulnerability in the AutoFill plugin, which allows members to autofill their information in forms on other websites. The bug was detected by researcher Jack Cable, who also released a proof-of-concept to explain how the vulnerability could be exploited through a cross-site scripting flaw on a website.
If exploited by third parties, the bug exposes private personal information kept on user profiles, such as name, email, job, location and phone number.
“A user’s information can be unwillingly exposed to any website simply by clicking somewhere on the page,” reads Cable’s report. “This is because the AutoFill button could be made invisible and span the entire page, causing a user clicking anywhere to send the user’s information to the website.”
The AutoFill feature, which allows a website to collect profile data without explicit user consent, was only for whitelisted, approved domains such as Twitter and Microsoft, the social network claimed; however, Cable writes that “until my report, any website could abuse this functionality.”
After receiving a notification about the bug, LinkedIn fixed the vulnerability that could have compromised user data.
LinkedIn sent the following statement to TechCrunch:
We immediately prevented unauthorized use of this feature, once we were made aware of the issue. We are now pushing another fix that will address potential additional abuse cases and it will be in place shortly. While we’ve seen no signs of abuse, we’re constantly working to ensure our members’ data stays protected. We appreciate the researcher responsibly reporting this and our security team will continue to stay in touch with them.
For clarity, LinkedIn AutoFill is not broadly available and only works on whitelisted domains for approved advertisers. It allows visitors to a website to choose to pre-populate a form with information from their LinkedIn profile.