Skip to main content

This nightmare incident shows why you really shouldn't store passwords in your browser

Man annoyed at laptop
(Image credit: Marjan Apostolovic / Shutterstock)
Audio player loading…

An unnamed company was recently breached after an employee stored their corporate account password in their web browser, a new report suggests.

According to research from security company AhnLab, the employee was working from home on a device shared with other household members, which was already infected with Redline Stealer, an infostealing malware.

Although the computer was equipped with antivirus software, the malware was able to evade detection, before stealing the passwords stored in the victim's browser.

Password snafu

In a bid to protect their corporate network from remote workers with infected devices, the company in question provided employees with a VPN, so that they could access their work files securely.

However, this particular employee stored the login credentials for the VPN in their browser, which was later infiltrated by the malware. Three months later, the company was breached using these credentials.

Given that Redline Stealer malware is being sold online (for roughly $150 - $200), it’s very hard to say who is behind this specific attack.

Cybersecurity experts from AhnLab have warned users to refrain from storing passwords in the browser, despite the convenience. A password manager is a much better option, they say, especially when paired with a security key or another form of multi-factor authentication.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.