STAY SAFE

Google warning for BILLIONS as thousands of ‘leaky sites’ found – with many connected to Russian tech

THOUSANDS of websites are collecting your data as you type it, a new study claims.

If you thought typing something out on a website and then erasing it before submission keeps your information safe – think again.

Advertisement
Thousands of websites are collecting your data as you type it, according to a new study.

Researchers from KU Leuven, Radboud University, and the University of Lausanne analyzed the top 100,000 websites on Google search in Europe and the United States and found some interesting statistics.

Users' email addresses are gathered for tracking, marketing, and analytics domains before they submit any forms or give consent.

This was the case for 1,844 websites when visited from the EU and 2,950 when visited from the US.

A number of the sites did not intentionally conduct the data-logging but featured third-party marketing and analytics services that do.

Advertisement

The study also found incidental password collection on 52 websites by third-party session replay scripts.

Included in that list is the Russian tech giant Yandex, which faced a massive data breach earlier this year.

The study's authors noted that after they disclosed their findings to these sites, all 52 instances have since been resolved.

"If there’s a Submit button on a form, the reasonable expectation is that it does something—that it will submit your data when you click it," Güneş Acar, a professor at Radboud University, and one of the leaders of the study, said.

Advertisement

Most read in Tech

LIGHT IT UP
'Once-in-a-decade' Northern Lights display could hit UK in early 2025
TAP IDEA!
Secret iPhone tricks instantly solve two common problems, Apple fans reveal
GOOG THINKING
Google reveals money-saving Boxing Day 'fridge trick' for millions of Brits
NIGHT TO REMEMBER
Saturn's rings vanish and twin Blood Moons – must-see 2025 space events

“We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.”

In a follow-up investigation, the researchers found that Meta (formerly, Facebook) and TikTok collect hashed personal information from web forms even when the user does not submit the form and does not give consent.

“In some cases, when you click the next field, they collect the previous one, like you click the password field and they collect the email, or you just click anywhere and they collect all the information immediately," Asuman Senol, a privacy and identity researcher at KU Leuven and one of the study co-authors, noted.

"We didn’t expect to find thousands of websites; and in the US, the numbers are really high, which is interesting.”

Advertisement

The study authors are slated to present their findings in full at the USENIX security conference in August.

The authors added that they were inspired to investigate the study, dubbed “leaky forms”, by media reports from online publication Gizmodo.

Furthermore, they hope that their findings will raise awareness about the issue, not only for regular web users but for website developers and administrators as well.

We pay for your stories!

Do you have a story for The US Sun team?

Email us at exclusive@the-sun.com or call 212 416 4552. Like us on Facebook at  and follow us from our main Twitter account at 

Topics
Advertisement
machibet777.com