Web analytics outfit Mixpanel slurped surfers' passwords

Found on The Register on Wednesday, 07 February 2018

Mixpanel provides a suite of services to help web publishers improve engagement. Among those services is "Autotrack", which promised the chance to track just about every aspect of a user's visit to a website. Including, it has been revealed, their passwords.

“We confirmed that this was unexpected behavior; by design, Autotrack should not send the values of hidden and password form fields.”

Things like this really make you want to disable Javascript for every single website by default; yet at the same time, developers are looking at compiled Javascript which is even more suspicious.

Browse all articles« Previous « » Next »