Report: Windows Recall Caught Screenshotting Passwords & Credit Card Info, Again

Microsoft’s Windows Recall feature is back under fire after a fresh round of testing showed it still isn’t reliably blocking sensitive data.

As reported by The Register, a new analysis found the tool’s filter fails to stop screenshots of passwords, bank details, and other private information, even after Microsoft’s recent security updates.

Recall, which logs screen activity on Copilot+ PCs, was supposed to ignore things like credit card numbers or social security data. Microsoft added a content filtering system to catch that kind of material before the AI takes a snapshot.

But in tests by The Register’s Avram Piltch, the filter only worked when clear markers, like “password” or “pay,” were on screen. Without those keywords, Recall often snapped everything, including text files full of login details and a bank account page with balances and transactions.

The issue runs deeper than just mislabeling. Piltch also confirmed that screenshots could be accessed remotely if someone had the user’s PIN, even though Microsoft touts Windows Hello’s biometric login as a safeguard.

That means if someone gets into your account with just a PIN, they could scroll through every Recall image stored on the PC.

Despite being in preview, Recall is already pushed during Windows 11 setup and promoted heavily as a Copilot feature. But with security issues continuing to pile up, turning it off might be the safest option for now. To catch you up, Signal, AdGuard, and even the Brave browser have started blocking Windows Recall to safeguard the ptivacy of users.