
Researchers have found over 54 billion internet cookies on the dark web, with 1.5 billion originating from the United States, NordVPN said in a report on Wednesday.

According to the virtual private network provider, threat actors used 12 different variants of infostealer malware to harvest these cookies from targets across the globe. Internet cookies are small text files containing data about your browsing sessions. They were designed to enable a smooth and convenient browsing experience.

“Thanks to the cookie consent popups, we view cookies as a necessary, albeit annoying part of being online. However, many don’t realize that if a hacker gets hold of your active cookies, they might not need to know any logins, passwords, and even MFA to overtake your accounts,” Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said.

17% of Stolen Cookies Were Still ‘Active’

Out of the 1.5 billion cookies stolen from the United States, about 24% — or 348 million — were active, posing an immediate risk to American netizens, NordVPN said. Globally, 17% of the 54 billion stolen cookies — about nine billion — were active.

While all cookies contain private information, active cookies pose a serious threat as they can grant cybercriminals access to your accounts and sensitive information about you. Inactive cookies also present a threat, as criminals can harvest information from them for social engineering attacks and other malicious schemes.

Out of the 54 billion cookies leaked on the dark web, about 2.5 billion came from Google, 692 million from YouTube, 658 million from Microsoft, 573 million from Bing, 318 million from MSN, and 275 million from Amazon.

“Cookies from such core accounts are particularly dangerous because they may be used to access further login details through, for example, password recovery, corporate systems, or SSO,” Warmenhoven said.

The US ranked fourth on the list of countries the stolen cookies came from. The other top countries are Brazil, India, Indonesia, and Vietnam. In Europe, most of the stolen cookies came from Spain.

Types of Cookies Stolen

NordVPN’s analysis of keyword categories within the leaked cookies revealed extensive user data at risk, with “assigned ID” and “session ID” cookies topping the list — crucial for user identification and maintaining sessions. The haul also contains significant quantities of authentication and login cookies, along with personal details like names, emails, and addresses.

“If you combine all of these details with age, size, gender, or orientation, you will get a very intimate picture of the user, which can allow for well-targeted scams or attacks,” Warmenhoven explained.

Almost all the compromised cookies were harvested from devices running Windows, NordVPN said in its blog post. The most common operating system was Windows 10 Enterprise, with over 16 billion leaked cookies found. A far smaller but still significant number of cookies, 31.5 million, came from Apple devices.

Multiple Infostealers Used to Steal Cookies

According to NordVPN, one infostealer and keylogger — Redline — was used to harvest nearly 56% of the stolen cookies. Its widespread use can be attributed to its ability to siphon off cookies, passwords, account details, and other personal information.

Besides Redline, NordVPN said cybercriminals used other malware families such as Vidar, Raccoon, Predator-the-thief, Cryptbot, MetaStealer, and Taurus.

Info-stealing malware is one of the top threats today and has become increasingly popular among cybercriminals in recent years. In February, Cybersixgill highlighted infostealers among the leading cybersecurity threats of 2024.

In response to concerns about cookie security, PayPal has filed a patent for an innovative method of detecting stolen “super-cookies” and protecting users’ accounts from unauthorized access. 

NordVPN outlined various measures to enhance your security and prevent cookie theft, including:

  • Deleting your cookies regularly
  • Rejecting cookies on website consent boxes
  • Being cautious about the websites you visit and the files you download

Using cybersecurity tools like antivirus software can protect you from infostealers. Also, using a dark web monitoring tool can alert you when your data is compromised and ends up on the dark web.

To minimize cookie leaks and browser fingerprinting, we recommend using a privacy-friendly browser and a VPN with built-in anti-malware features like NordVPN.
