Cybersecurity Blog

Used a public computer lately? You may have left your credit card data behind. – 01/09/17

How I almost fulfilled my dream of owning a pair of red soled shoes

Most days the horror stories I read about and pass along to our community do not directly affect us.  They are simply tales of cyber security woe that I pass along to warn the unsuspecting in an attempt to prevent a possible future disaster.  Today was different. Today I had an OMG moment. Once of those moments when the world seems to go on pause while you try and process what you have just seen.  Today one of our lovely analysts in ITS put a library loaner laptop on my desk.  The type of laptop that hundreds of students and staff check out of the library for temporary use every week.  On the screen plain as day for everyone to see,  was the credit card information of the last person who had logged into Google Chrome on the laptop.

After the shock had worn off, I briefly entertained the idea of doing some post Christmas shopping. I had always wanted a pair of Christian Louboutin’s red soled shoes. However, sanity kicked in and I realized that if this one unfortunate individual had made such an enormous mistake, then there is probably a pretty good chance that others have too.

How was such an error made? How did his credit card information get on that laptop? Google Chrome is to blame.  To understand how this could happen, you need to understand how Google Chrome works. Chrome has this fabulous little time saving feature called Autofill.  As you fill out forms, Chrome will ask you if you want it to remember the information.  Things like passwords, your address and yes your credit card information. So the next time you are asked for it in a form, Chrome fills the form out for you. This is a feature that you can disable. Thing is, if at any time you enabled it and information was stored, the data remains stored in Chrome until you go in and delete it.

That is exactly what happened with our poor library laptop borrower.  They opened Chrome, synced their account so they would have access to their bookmarks and then when they were done they closed Chrome and returned the laptop.  Thing is when you sync your account it syncs everything including your Autofill information. In addition, when you close Chrome it does not turn sync off, so the next person who comes along and opens Chrome sees all your bookmarks and has access to your Autofill information which in this case included address and credit card data. Thankfully the good people at the library noticed something was up before it was loaned out again and disaster was averted.

I really would love to go shopping on your dime, however my tastes are rather expensive…Louboutin’s start at 500 Euro… so I think the smarter thing would be to tell you how to avoid leaving your personal information on a workstation that isn’t yours.

  1. If you plan on accessing your Google bookmarks on devices or workstations that are not your own, disable Autofill and delete any stored information.
  2. When you are done working in Chrome on someone else’s workstation, turn off sync. Logging out of Gmail does not turn off sync, it just pauses it while your passwords and autofill entries remain accessible to whoever is using Chrome.

By following these two simple steps, you will avoid receiving a bill for a pair of these beauties.