The secrets web browsers hold about users are there for the taking
A simple malware attack could expose all the data stored in a web browser, including browsing habits, online purchases and bank information, according to a new threat report released on Monday.
The major internet companies and service providers already collect encyclopedias of user data, but there’s also a wealth of information stored locally in a user’s web browser. That data can include a variety of personal information that is valuable to criminals, and it’s there for the taking, according to a report released by Exabeam, a security intelligence company.
“All of a sudden I know where you go, at what time, what you’re buying,” said Barry Shteiman, director of research at Exabeam. “I know a lot of things that I, the attacker, should not know about you. It’s credit card-level information.”
The report sheds light on how enterprising cybercriminals can target information people might not know exists in their browsers. The researchers looked at the popular Firefox and Chrome browsers.
After maliciously gaining access to a person’s browser with software that can easily be purchased on the internet, thieves can dig into the treasure trove of information left in the browser to gain a better understanding of how users spend their time online and offline.
Modern browsers are designed to give users a customizable experience by tracking activity and collecting information that can then be used to do things like automatically enter passwords, phone numbers and other information.
Beyond personal information, browsers also track plenty of other information, including location data.
“The result is that a lot of information about you is stored deep in your browser, and it can potentially be exploited by cybercriminals in a number of ways,” the report said.
Once the attackers have access to a browser, the puzzle pieces begin to come together.
Using the history of websites that a person has visited, the cybercriminal could figure out which apps they most commonly use, including sensitive work apps, and where they do their online banking.
Perhaps even more alarming, Exabeam said, researchers were able to recover some bank account numbers that were used to send money to other banks….