Sensitive financial and healthcare information is stored on Web browsers, making it easily accessible to hackers, a new analysis has found.
Web browsers – Chrome, Firefox, Safari and Internet Explorer – often save images and other content on a user's hard drive, so that the content does not need to be downloaded again the next time a user visits the same website. This makes pages load faster.
Though websites generally try to block sensitive data from being saved, Baltimore-based security consulting firm Independent Security Evaluators says that many websites are using methods that no longer work.
“Non-technical users likely believe that if, after visiting a site and viewing personal data, they logout and close their browsers, that their data will be safe,” ISE said in a report released Thursday. “Our findings prove this assumption incorrect in 70% of the cases tested.”
ADP, Verizon Wireless, Scottrade, Geico, Equifax, PayPal and Allstate were among the websites that saved items such as prescription information, utility bills, check images and credit reports.
A hacker could use the information not only in identity theft schemes, but also in gaining access to a user's account.
All told, 21 of 30 websites tested by ISE had failed to use the correct technique to block sensitive transmissions from being stored on a computer or smartphone.
“What I think consumers need to realize is that this isn’t their fault,” said ISE Chief Executive Stephen Bono. “But they should be wary of using public computers, and they also should clean up this data by clearing their caches to solve this problem for the time being.”
The other option for consumers is to use "private browsing" or "incognito" modes in their browser.
Bono called on website developers to immediately audit their code to make sure only basic data is being stored in a browser’s cache. He said browser developers should also move away from the current standard of caching everything. Instead, website developers should have to explicitly say what they want to save.
ALSO:Copyright © 2014, The Baltimore Sun