Here is an interesting research by NordVPN, they found 54 billion cookies leaked on the dark web.  More than 218 million of them were from Canada. While cookies are mostly known as an essential tool for browsing, many are unaware that cookies have become one of the key tools for hackers to steal data and gain access to sensitive systems. 

“Thanks to the cookie consent popups, we view cookies as a necessary, albeit annoying part of being online. However, many don’t realize that if a hacker gets hold of your active cookies, they might not need to know any logins, passwords, and even MFA to overtake your accounts,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

How do cookies work and what risks do stolen cookies pose? 

In order to explain the underlying threat, a NordVPN expert explains how cookies work:

“Firstly, it’s important to understand that the cookie setup is necessary. There is literally no other way for a device to know which user operates it. Without cookies, the server cannot verify the user. To put it simply, once the user logs in with a password and MFA, the server gives the user a cookie. And the next time the same user comes back with this cookie, the server recognizes the cookie and knows that this user has already logged in — so there’s no need to ask for the same information again,” says Adrianus Warmenhoven.  

However, if this cookie is stolen and is still active, an attacker can potentially login into your account without having your password or needing MFA.

In addition to the already mentioned session data, cookies can also hold other sensitive information, such as people’s names, location, orientation, size and so on. 

What kind of cookies were found? 

Out of 54 billion analyzed cookies, 17% were active. Meanwhile, out of the 218 million analyzed cookies from Canada, 25% were active.

“While it may seem that 25% is not that much, it’s important to understand that it’s a huge amount of personal data — over 54 million cookies. And although active cookies present a greater risk, inactive ones still present a threat to user privacy, as well as the potential for hackers to use stored information for further abuse or manipulation,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Over 2.5B of all the cookies in the dataset were from Google, with another 692M from Youtube. Over 500M were from Microsoft and Bing.* 

“Cookies from such core accounts are particularly dangerous because they may be used to access further login details through, for example, password recovery, corporate systems, or SSO,” notes Adrianus Warmenhoven.

With regards to country data, the most cookies came from Brazil, India, Indonesia, the US, and VietnamCanada ranked 28th in terms of number of leaked cookies. Overall, there were 244 countries and territories represented in the cookies data set, showing the breadth of coverage of these huge malware systems. 

The largest keyword category (10.5 billion) was “assigned ID,” followed by “session ID” (739 million) — these cookies are assigned or connected to specific users in order to keep sessions active or identify them on the website to provide services. These were followed by 154M authentication and 37M login cookies.

Name, email, city, password, and address were most common in the personal information category.

“If you combine all of these details with age, size, gender, or orientation, you will get a very intimate picture of the user, which can allow for well-targeted scams or attacks,” notes Adrianus Warmenhoven.  

Up to 12 different types of malware were used to steal these cookies. Nearly 56% were collected by Redline, a popular infostealer and keylogger. 

How to protect yourself

While there’s no magic cookie jar to keep them locked up tight, there are some digital hygiene tips that Adrianus recommends. 

Firstly, he emphasizes the importance of awareness and behavior online. 

“It’s a good idea to regularly delete cookies to minimize available data that can be stolen. Also, be aware of files you download and websites you visit — being vigilant can minimize your risk,” says the expert. 

Using such tools as NordVPN’s Threat Protection can also help because this feature helps to block malicious sites, checks downloads for malware, and blocks trackers, better protecting the user from data gathering and theft. Dark Web Monitoring can also help alert the user in the event the data does get stolen, allowing a person to take action before further harm can be caused.

Source: NordVPN