This nightmare incident shows why you really shouldn’t store passwords in your browser

An infostealer is scooping up passwords stored in browsers, experts warn

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

An unnamed company was recently breached after an employee stored their corporate accountpasswordin theirweb browser, a new report suggests.

According toresearchfrom security company AhnLab, the employee wasworking from homeon a device shared with other household members, which was already infected with Redline Stealer, an infostealingmalware.

Although the computer was equipped withantivirussoftware, the malware was able to evade detection, before stealing the passwords stored in the victim’s browser.

Password snafu

Password snafu

In a bid to protect their corporate network from remote workers with infected devices, the company in question provided employees with aVPN, so that they could access their work files securely.

However, this particular employee stored the login credentials for the VPN in their browser, which was later infiltrated by the malware. Three months later, the company was breached using these credentials.

Given that Redline Stealer malware is being sold online (for roughly $150 - $200), it’s very hard to say who is behind this specific attack.

Cybersecurity experts from AhnLab have warned users to refrain from storing passwords in the browser, despite the convenience. Apassword manageris a much better option, they say, especially when paired with asecurity keyor another form of multi-factor authentication.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Your doctor may have an AI assistant taking notes during your next Zoom call