About 100,000 top-ranking websites have recently been examined by security experts, revealing that some of them leak users’ data entered on website forms to third-party trackers even before users hit the submit button.
Moreover, even if users have not submitted their data on the forms and deleted everything they typed in, the websites still share the information with the third-party web trackers, including personal identifiers, usernames, passwords, email addresses, or other text inputs like messages.
At least 3% of all the tested websites were found logging what the users type in the forms through keystroke monitoring. Most people are unaware of this scenario since it is typical for them to think that what they enter on the forms will not be recorded unless they hit the submit button.
Based on the conducted study, out of the 2.8 million tested pages, 1,884 websites were found allowing third-party trackers to exfiltrate users’ data such as email addresses when the users visit the sites from Europe. On the other hand, when users visited the same sites from the US, the number of websites allowing the same process spiked to 2,950.
Third-party website trackers are intended to monitor site visitors’ activities, log interactions, create related-preferences data points, and maintain an anonymous identifier for each visitor.
These procedures aim to provide users with a more personalised online experience. Advertisers also benefit from it since they can blast ads toward users in specific demographic standards that are more likely to be interested in their products and services.
Most third-party web trackers use scripts to monitor user keystrokes as they type in website forms. The trackers also quickly save the entered data before the user submits it or decides to delete what they entered.
Users’ privacy and security are put at risk due to this discovered issue. Cybersecurity experts advise users to block all third-party trackers through a browser’s built-in blocker settings. It is imperative to be alert to the issues online that could compromise one’s sensitive data; thus, expanding cybersecurity knowledge is strongly advocated.
