Researchers discovered a new form of attack by exploiting ad networks’ data collection mechanisms, https://news.gatech.edu/news/2022/11/10/new-research-gives-users-another-reason-hate-unwanted-ads.
Online advertising uses data points such as location and behavioral patterns to provide personalized banners. Thirdy-party ad networks use tracking cookies to collect this data, which, when correlated with unique identifiers like email addresses, allow advertisers to build extensive profiles of online users. The research shows the system is susceptible to manipulation by bad actors, thanks to the way that information is passed to the ad networks, which is insecure and hard to verify.
Once an attacker knows a victim’s email address, they can gain insight into their detailed browsing history by observing the targeted ad stream. For example, if a victim booked a hotel, the attack could receive retargeted ads for the same hotel. Worse yet, a bad actor could impersonate the victim, manipulating what ads to show them.