Your Data May be in Danger If You Use a Spellchecker

upstart writes:

Your data may be in danger if you use a spellchecker:

If you like to be thorough and use an advanced spellchecker, we have some bad news - your personal information could be in danger.

Using the extended spellcheck in Google Chrome and Microsoft Edge transmits everything you input in order for it to be checked. Unfortunately, this includes information that should be strictly encrypted, such as passwords.

This issue, first reported by JavaScript security firm otto-js, was discovered accidentally while the company was testing its script behaviors detection. Josh Summitt, co-founder and CTO of otto-js, explains that pretty much everything you enter in form fields with advanced spellchecker enabled is later transmitted to Google and Microsoft.

If you click on show password,' the enhanced spellcheck even sends your password, essentially spell-jacking your data," said otto-js in its report. Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII [personally identifiable information], including username, email, and passwords, when users are logging in or filling out forms. An even more significant concern for companies is the exposure this presents to the company's enterprise credentials to internal assets like databases and cloud infrastructure."

Read more of this story at SoylentNews.