- Research from NordVPN reveals 94 billion stolen cookies on the dark web
- Only a small percentage of these are still active
- These cookies pose a serious risk to customers
New research from NordVPN has revealed that cookies, the small information files generated by web servers and sent to web browsers, are being leaked and exploited on the dark web in large numbers.
The researchers calculate that about 94 billion cookies are circulating on the dark web, nearly 42 billion of which originate from Redline, a notorious infostealer malware – although only 6.2% of these were still active, which means they have a relatively short life.
In fact, most were inactive: only 7.2% of the 10.5 billion cookies identified from Vidar appear to be valid, along with 6.5% of those from LummaC2 – a newer infostealer service – which has collected a total of 8.8 billion stolen cookies. However, there is an outlier: CryptBot proved by far the most effective malware, with 83.4% of its 1.4 billion stolen cookies still active.
What’s inside?
This is not the first time NordVPN has warned that cookies are being abused, with millions of British consumers' stolen internet browser cookies leaked on the dark web in 2024, although the total for 2024 was 54 billion, which points to a year-on-year increase.
The cookies in the data set contained a number of different types of information, with the most common keywords being “ID” (18 billion) along with “session” (1.2 billion), “authority” (292 million) and “login” (61 million) – this is particularly worrying as it suggests they could be used to “hijack live sessions without password”. The researchers warn:
“Cookies may sound sweet, but sometimes they can leave a bad taste. The truth is, even the most seemingly immaterial cookies can do a lot of damage to you or your business. When a door is open, it is not that difficult to open others. Session cookies, especially active, are a gold min.
However, that’s not all. These cookies could allow attackers to take over accounts on social media, bypass two-factor authentication, start social engineering attacks or even access sensitive financial information.



