If you do a lot of shopping online, taking advantage of your browser’s autofill setting may seem like a smart choice. Instead of digging your credit card out of your wallet every time you want to buy something, all the information you need appears automatically. But a new discovery made by a Finnish developer shows why the extra time you save per purchase may not be worth it: Hackers have found a sneaky way to retrieve your stored info.

As Thrillist reports, anyone can fall for the scam by submitting a couple basic pieces of information. Web users think they’re just entering their name and email address, but “hidden” text boxes are automatically filled in with more sensitive data like address, phone number, and credit card number. Viljami Kuosmanen illustrates what this might look like in the Tweet below:

Even if you’re extra careful about where you use the autocomplete feature, disabling it altogether is probably your best course of action. Saved credit card info could mean a free shopping spree for thieves if your laptop were to get stolen. Some browsers like Chrome save personal information by default: To deactivate the feature in Chrome, go to Settings, Advanced Settings, and uncheck the boxes beneath Passwords and Forms.

[h/t Thrillist]