NEWS14 December 2012

Internet Explorer flaw lets mouse movement be tracked

Data analytics UK

UK — A flaw in certain versions of Microsoft’s Internet Explorer that allows third parties to track and monitor the mouse movements of web users is being exploited by at least two large online analytics companies.

The claims have been made by Doug de Jager, CEO of UK-based analytics firm, who has detailed the exploit and how it works in a blog post.

De Jager says the flaw makes it possible for a user’s mouse cursor to be tracked “anywhere on the screen – even if the Internet Explorer window is minimised”.

He says that third parties can get access to mouse movement data simply by buying a display ad slot on any webpage. “As long as the page with the exploitative advertiser’s ad stays open – even if you push the page to a background tab or, indeed, even if you minimise Internet Explorer – your mouse cursor can be tracked across your entire display.

“The vulnerability is already being exploited by at least two display ad analytics companies across billions of webpage impressions each month,” de Jager says.

The flaw was reported to Microsoft on 1 October but continues to effect Internet Explorer versions 6–10.

A spokesman for the company told The Guardian: “We are currently investigating this issue, but to date there are no reports of active exploits or customers that have been adversely affected.”