Advertisers have found a new way to track you. According to Freedom to Tinker, a few ad networks are now abusing tracking scripts to capture the email addresses that your password manager auto-fills on websites.
But it gets worse: they could use that tech to capture your passwords too, if they wanted. This affects everyone using a password manager, whether it’s a built-in password manager like the one in Chrome, Firefox, or Edge, or a browser extension like LastPass. As a result, you should probably disable the autofill feature to prevent this from happening.
How Autofill Is Leaking Your Information
When you save your username and password on a website, your password manager remembers them. From that point forward, it will attempt to automatically fill them into username and password boxes it sees on that website. This makes signing in faster, as you just have to click “Login”.
But some third-party advertising scripts—the ones that nearly every website out there uses—are starting to use these to track you. They run in the background, create fake login and password boxes you can’t even see, and captures the credentials your password manager fills into them.