LinkedIn fixes major bug in AutoFill plugin

Luana PASCU

April 20, 2018

LinkedIn joins the data privacy breach club after a researcher detected a major vulnerability in the AutoFill plugin, which allows members to autofill their information in forms on other websites. The bug was detected by researcher Jack Cable, who also released a proof of concept to explain how the vulnerability could be exploited through a cross-site scripting flaw on a website.

If exploited by third parties, the bug exposes private personal information kept on user profiles, such as name, email, job, location and phone number.

“A user’s information can be unwillingly exposed to any website simply by clicking somewhere on the page,” reads Cable’s report. “This is because the AutoFill button could be made invisible and span the entire page, causing a user clicking anywhere to send the user’s information to the website.”
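
The overlay condition Cable describes (a frame that is invisible, spans the page and still receives clicks) can be checked mechanically when auditing a page. The following is an added example, not code from Cable's report or from LinkedIn; the thresholds, function names and sample frames are assumptions constructed for illustration.

```javascript
// Added example (not from the report): flag frames that are effectively
// invisible yet cover most of the viewport and can still receive clicks.
const OPACITY_MAX = 0.1;   // assumption: below this the frame cannot be seen
const COVERAGE_MIN = 0.5;  // assumption: over half the viewport is suspicious

// Fraction of the viewport covered by rect, clipped to the viewport edges.
function viewportCoverage(rect, viewport) {
  const w = Math.max(0, Math.min(rect.right, viewport.width) - Math.max(rect.left, 0));
  const h = Math.max(0, Math.min(rect.bottom, viewport.height) - Math.max(rect.top, 0));
  return (w * h) / (viewport.width * viewport.height);
}

// opacity:0 hides a frame but leaves it clickable; display:none,
// visibility:hidden and pointer-events:none all stop it receiving clicks.
function receivesClicks(style) {
  return style.display !== 'none' &&
         style.visibility !== 'hidden' &&
         style.pointerEvents !== 'none';
}

function findClickCapturingFrames(frames, viewport) {
  return frames
    .filter(f => parseFloat(f.style.opacity) <= OPACITY_MAX)
    .filter(f => receivesClicks(f.style))
    .filter(f => viewportCoverage(f.rect, viewport) >= COVERAGE_MIN)
    .map(f => f.src);
}

// Constructed sample data; in a browser these fields would come from
// getComputedStyle(iframe) and iframe.getBoundingClientRect().
const viewport = { width: 1280, height: 720 };
const visible = { display: 'block', visibility: 'visible', pointerEvents: 'auto' };
const sampleFrames = [
  { src: 'https://widget.example/autofill',   // transparent, full page
    style: { ...visible, opacity: '0' },
    rect: { left: 0, top: 0, right: 1280, bottom: 720 } },
  { src: 'https://video.example/embed',       // ordinary visible embed
    style: { ...visible, opacity: '1' },
    rect: { left: 100, top: 100, right: 740, bottom: 460 } },
  { src: 'https://pixel.example/t',           // invisible but only 1x1
    style: { ...visible, opacity: '0' },
    rect: { left: 0, top: 0, right: 1, bottom: 1 } },
  { src: 'https://overlay.example/banner',    // transparent, cannot be clicked
    style: { ...visible, opacity: '0', pointerEvents: 'none' },
    rect: { left: 0, top: 0, right: 1280, bottom: 720 } },
];

console.log(findClickCapturingFrames(sampleFrames, viewport));
```

Only the transparent full-page frame is reported; the 1x1 pixel and the `pointer-events: none` overlay are invisible too, but neither can capture a click meant for the page.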

The AutoFill feature, which allows a website to collect profile data without explicit user consent, was available only to approved, whitelisted domains such as Twitter and Microsoft, the social network claimed. However, Cable writes that “until my report, any website could abuse this functionality.”

After receiving a notification about the bug, LinkedIn fixed the vulnerability that could have compromised user data.

LinkedIn sent the following statement to TechCrunch:

We immediately prevented unauthorized use of this feature, once we were made aware of the issue. We are now pushing another fix that will address potential additional abuse cases and it will be in place shortly. While we’ve seen no signs of abuse, we’re constantly working to ensure our members’ data stays protected. We appreciate the researcher responsibly reporting this and our security team will continue to stay in touch with them.

For clarity, LinkedIn AutoFill is not broadly available and only works on whitelisted domains for approved advertisers. It allows visitors to a website to choose to pre-populate a form with information from their LinkedIn profile.
