Forum use of iubenda.com?

For my own convenience I have a couple of Chrome bookmarks on the bookmarks bar that open the forum either at the list of new posts sorted by number of posts

https://forum.arduino.cc/new?ascending=true&order=posts

or unread posts

https://forum.arduino.cc/unread

This allows quick navigation to posts that I am likely to be interested in and I have used them for the last year or so

Now, all of a sudden, using either of them seems to attempt to log into iubenda.com as the password manager that I use for a limited number of sites pops up a dialogue asking if I want to save the login details, which I don't

The same thing happens when I log off and/or log on or if I simply go to either of the URLs above

I am very suspicious of this activity and have been able to find very little about what iubenda.com does and why

It is perfectly possible that despite precautions my PC has been hit with an infection/malware of some kind, but before taking drastic action does anyone know anything about iubenda.com and its relationship to the Arduino forum, if any?

Out of interest I have cleared my cookies which had no effect

My password manager has also started to ask me if I want to save a password for iubenda.com (hits1_u) when I click on the bookmark to navigate to the forum.

Environment is Windows 10, Chrome browser, and LastPass password manager.

When I refresh this page, I see the following related requests:

I think that the culprit may be LastPass

Try turning it off

EDIT : Thinking about it, it is more likely the fact that something is logging into iubenda.com is being revealed by the offer of LastPass to save the details

Now is a good time to switch to a different password manager.

https://www.schneier.com/blog/archives/2022/12/lastpass-breach.html

1 Like

Thanks. I am aware of that breach and have taken action to prevent it affecting me

As I said above, what I believe is happening is that something is logging in to iubenda.com and LastPass is asking if I wish the password to be saved so that the login can be automated

The question is, what is logging in?

iubenda?

I use NoScript in Firefox and iubenda is blocked; does not seem to affect the functionality of the forum.

Arduino is a logo company on iubenda's website which means money has changed hands and the two have a contract in place. Presumably Arduino is a great customer from iubenda's perspective.

As to the pop-up, knowing what I know about LastPass, my guess is that it's just another LastPass bug.

LastPass is happy and quiet once you save hits1_u as the password for iubenda.com.

Let's see what the LastPass hackers can do with it. :thinking:

What I suspect is happening is that Arduino recently signed up to use iubenda.com and that as a result some actions on the Arduino website cause a login to it.

The LastPass dialogue that pops up is the normal "I can see that you are logging in somewhere and need to supply a password. Would you like me to save the password to automate that process in future?"

That would explain why agreeing to that would mean that the LastPass dialogue is not seen again

Before agreeing to let LastPass do this I would like to know what the relationship is between Arduino and iubenda.com. As noted by @Coding_Badly, the Arduino logo is featured on the iubenda webpage

so I assume that there is some relationship with them

iubenda has been part of the new (2021) forum website for a very long time; maybe even always. So it's not something recent.

I'm not seeing that. Simple notification POSTs with nothing that looks even remotely like a login attempt.

But, their service is all about regional laws. You being in the UK could trigger different behaviour.

Hi here,

the Arduino website uses Iubenda Privacy and Cookie Policies services to manage the Cookie Policy popup.

The Iubenda script communicates with the Iubenda collector endpoint performing an HTTP POST request containing the user choice. No user data is transmitted over to Iubenda, just the answer on cookie acceptance.
The Iubenda collector endpoint requires HTTP authentication credentials, and it appears that some Password Managers are detecting these credentials and proposing to store those. These credentials are not related to the user account, it's a separate set of credentials just for API communication.

We are going to work with Iubenda to see if the issue with Password Managers can be addressed, but we can ensure that there are no security risks impacting Arduino users.

Regards,
Stefano Visconti
CIO @ Arduino

4 Likes
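One way a reader could check the behaviour described in the post above from a HAR export of the browser's network tab, as an added example that is not part of the thread and is not Arduino's or iubenda's code. The `example.test` hostnames, the credentials and the request body are constructed placeholders; `describeBasic` and `thirdPartyAuthRequests` are hypothetical helper names.

```javascript
// Constructed sample in HAR 1.2 layout (log.entries[].request); not real traffic.
// Hostnames under example.test and the credentials are placeholders.
const sampleHar = { log: { entries: [
  { request: { method: "GET", url: "https://forum.arduino.cc/unread",
      headers: [{ name: "Cookie", value: "session=constructed" }] } },
  { request: { method: "POST", url: "https://collector.example.test/hit",
      headers: [{ name: "authorization", value: "Basic " + btoa("api_user:api_secret") }],
      postData: { text: '{"consent":true}' } } },
  { request: { method: "POST", url: "https://cdn.example.test/beacon",
      headers: [{ name: "Authorization", value: "Basic %%%not-base64" }] } },
] } };

// Decode a Basic credential, reporting the username and only the password length.
function describeBasic(token) {
  const malformed = { username: null, passwordLength: null };
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(token)) return malformed;
  let decoded;
  try { decoded = atob(token); } catch { return malformed; }
  const sep = decoded.indexOf(":");
  if (sep < 0) return { username: decoded, passwordLength: 0 };
  return { username: decoded.slice(0, sep), passwordLength: decoded.length - sep - 1 };
}

// List requests to hosts outside firstPartyDomain that carry an Authorization header,
// with the request body so what is actually sent can be reviewed.
function thirdPartyAuthRequests(har, firstPartyDomain) {
  const findings = [];
  for (const { request } of har.log.entries) {
    const host = new URL(request.url).hostname;
    if (host === firstPartyDomain || host.endsWith("." + firstPartyDomain)) continue;
    const auth = (request.headers || [])
      .find((h) => h.name.toLowerCase() === "authorization");
    if (!auth) continue;
    const [scheme, ...rest] = auth.value.trim().split(/\s+/);
    const basic = scheme.toLowerCase() === "basic" ? describeBasic(rest.join("")) : {};
    findings.push({ host, method: request.method, scheme, ...basic,
      body: request.postData ? request.postData.text : "" });
  }
  return findings;
}

console.log(thirdPartyAuthRequests(sampleHar, "arduino.cc"));
```

A username in the output that does not match any of your own accounts, together with a body that carries only the consent answer, is consistent with a fixed API credential rather than a user login.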

You are the third employee I spotted here in the forum in the last couple of days.
Things are looking up around here.


@svisconti

Stefano, thank you for the explanation.

By accepting the offer for LastPass to log in the prompt does not appear again, which is what I would expect

Something must have changed recently to make LastPass start prompting but at least the login to iubenda seems legitimate
