LinkedIn Flaw Allows Sites to Steal Data
Return To ArticleA new vulnerability discovered in Linkedin’s popular AutoFill functionality found leaking its users’ sensitive information to third party websites without the user even knowing about it.
LinkedIn provides an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address, ZIP code, company and job title, with a single click.
In general, the AutoFill button only works on specifically “whitelisted websites,” but 18-year-old security researcher Jack Cable of Lightning Security said it is not just the case.
