Techly NewsGet the app

Get the latest tech news

Web Analytics Accidentally Collecting Passwords


Under certain circumstances, the RudderStack javascript snippet will collect passwords.

We immediately began investigating further and learned that the behavior the customer was observing was due to a change to the React JavaScript library made in March 2017. This change placed copies of the values of hidden and password fields into the input elements’ attributes, which Autotrack then inadvertently received. Upon investigating further, we realized that, because of the way we had implemented Autotrack when it launched in August 2016, this could happen in other scenarios where browser plugins (such as the 1Password password manager) and website frameworks place sensitive data into form element attributes.

Get the Android app

Or read this on Hacker News

« Microsoft cracks down on low-performing workers, fires some without severance: report
The Faux Free Speech Warriors Attacking Free Speech »