My next door neighbour came to me in a bit of a panic last night as he found himself on a screen which listed loads of his website logins and hidden passwords with a show password link by each. He seemed to think it was a result of clicking links in an email purportedly from Microsoft.
I first loaded and ran malwarebytes which came back clean. Looking at the email it was genuine (it was the "Update to our terms of use" that I also received yesterday - I'd just got back from a weekend away and hadn't then seen my copy) but wasn't (directly) the reason the login list was displayed.
After a while I guessed at the saved passwords in the browser which when I showed him the list in Chrome he confirmed was what he saw; so I'm reasonable happy that he hasn't picked up any nasties. What I can't figure out is how the heck he ended up in the list as the only way I've found is Settings, Passwords.
Has anyone any idea how he might of ended up in there by accident?
He didn't know how to review links before clicking - he does now!
He didn't know about the danger of using the same password on many sites - he does now. In fact he was relying on the browser to remember passwords as he couldn't remember them. I've suggested he uses a password manager.