The Web Proxy Auto-Discovery Protocol (WPAD) can expose computer users’ online accounts, web searches, and other private data. Researchers: Man-in-the-middle attackers can abuse the WPAD protocol to hijack people’s online accounts and steal their sensitive information. WPAD is enabled by default on all Windows computers, even those running home editions. Researchers showed how these attacks do not break HTTPS encryption in any way, but rather work around it and take advantage of how the web and browsers work.”]