6 Replies Latest reply on Jun 24, 2015 1:16 PM by Allison Sparrow

    Form pre-fill with another lead's data

      My marketing team has encountered several instances of a lead clicking a link only to discover a form filled with another lead's data. Even though the info is usually nothing more than what could be gleaned from a LinkedIn profile, this is clearly undesireable as it looks like sloppy marketing (and a privacy breach.)


      According to what I've learned from Marketo support, there are two ways that personal data can be passed between leads:


      (1) A lead is sent a personalized link decorated with a unique key that identifies the viewer as a different lead.

      a. Marketo creates custom links in emails in order to loop in tokens and other identifying data for the recipient, such that even if they are not cookied (or operating on an uncookied device) the underlying message can be personalized.

      b. If a lead forwards an email with personalized links to a second individual, the first individual’s information will be retained in any underlying forms.

      c. This kind of personalized link passing is almost exclusive to parties who know one another personally, often within the same company.


      (2) A lead somehow inherits the cookie of another lead.

      a. Local personalized information is stored on user devices via the Marketo “Munchkin” cookie, which is placed on users machines after visiting any Marketo asset. Once the lead is known to Marketo, this cookie is filled out with their information as it exists in the Marketo database.

      b. If one user enters identifying information into a form on another user’s machine, the second user’s cookie will be updated with the first user’s information.

      c. This is a sub-case of the personalized link scenario above, which essentially passes updates the recipient’s cookie when forwarded


      Unfortunately I've also been told that the only way to prevent this is to disable form pre-fill under the Admin setting for landing pages, and this only works on the sender side, e.g. if the person's browser has pre-fill enabled, you could still get this scenario. Does anyone have a suitable workaround?

        • Re: Form pre-fill with another lead's data
          Alok Ramsisaria

          This is a limitation in Marketo but I don't see it happening too often. In most cases, it would happen only when someone forwards a marketing email to another user, and he clicks the link to a Landing Page with pre-filled info. Check out the form we implemented on one of our LPs: Grazitti Landing Page where we identify a returning user and show him a message if he is a different contact. You will have to fill out the form and then come back to main LP and refresh to see this. If user clicks that he is a different user, we reset the MKTO cookie.

          5 of 5 people found this helpful
          • Re: Form pre-fill with another lead's data
            Sanford Whiteman

            Franklin, I think you're highlighting two non-issues and one real one.


            Non-issue: People enter identifying info into a form on a formally shared -- or illicitly borrowed -- computer.  You are not responsible for the consequences of this kind of stupidity recklessness.  It's like a family or company sharing an email address and expecting magically to not see each other's stuff.  The consequences go way beyond Marketo, for example sharing Amazon and GMail sessions. Don't worry about it.


            Non-issue: People with form autofill turned on in their browsers.  These functions exist to help people quickly fill in forms.  They assume the computer is private.  If people leave them turned on on a public computer, they bear responsibility for the consequences, which as above apply to every site they visit.


            The Issue: People forwarding emails with personalized links.  The Marketo lead is not asked to authenticate her/himself when clicking a link, hence the link constitutes a form of auto-login.  If you have form prefill turned on in Marketo, you're explicitly trusting that the human that clicks the link is the lead, and thus you aren't showing them anything they don't already know about themselves.  That's a feature when viewed from some angles, but a bug when viewed from others. The only way to protect against this information leak is to turn off form prefill.  Simply having a "This isn't me" button obviously won't suffice because the damage is already done.

            • Re: Form pre-fill with another lead's data
              Allison Sparrow

              Franklin Rea this happened to us also. It happens less so with Forms 1.0. You have to disable auto-fill from the form :/


              We got the same input from Marketo support, however I think there is something else up. Now we mostly just disable our auto-fill...


              hope this helps