23 Nov Research Says Session Replay Poses Significant Privacy and Security Risk
Earlier this week, a report published by Princeton University researchers identified several popular websites that use intrusive session tracking scripts to log sensitive information such as passwords, credit card details, phone numbers, SSNs, and dates of birth. The researchers also found that some sites record the information as it is typed, even before the user submits it.
The research team published a full list of major websites that use such scripts, which include Yandex, Microsoft, Adobe, GoDaddy, Spotify, WordPress, Reuters, Comcast, and TMZ. When implemented correctly, session recording is completely benign; however, it becomes a considerable risk if an attacker gains access to a website that keeps session tracking data.
Source: Bleeping Computer