Purchases made through links in our articles may result in a commission for Future and its partners.
Image Credit: Getty Images
- Recent studies by NordVPN uncover 94 billion stolen cookies circulating on the dark web.
- Only a fraction of these cookies remain active.
- This situation poses significant risks for online users.
NordVPN has recently highlighted a troubling trend: cookies—small data files created by web servers and stored in browsers—are being extensively leaked and misused on the dark web. According to their findings, approximately 94 billion cookies are now in circulation in this underground network. Alarmingly, nearly 42 billion of these cookies can be traced back to Redline, a well-known malware specifically designed to steal sensitive information. However, only about 6.2% of these cookies are currently active, which suggests they don’t linger long in the digital ecosystem.
The analysis also indicates that the majority of these cookies are inactive; for instance, only 7.2% of the 10.5 billion cookies sourced from another malware, Vidar, are valid, while LummaC2, a more recent entry in the infostealer category, has just 6.5% of its 8.8 billion cookies still showing as active. Notably, CryptBot stands out as an exception, with an impressive 83.4% of the 1.4 billion stolen cookies remaining in a usable state.
Exclusive offer: Save up to 68% on identity theft protection for our readers!
TechRadar recommends Aura for its transparent pricing and ease of use. The platform now offers a comprehensive security solution that includes a password manager, VPN, and antivirus, adding considerable value for users concerned about their online safety.
Preferred partner (Learn more about this)View Deal
Understanding the Risks
This isn’t the first time NordVPN has raised alarm bells regarding cookie exploitation. Earlier reports indicated that millions of cookies belonging to UK internet users were leaked on the dark web in early 2024, contributing to a staggering global total of 54 billion in stolen cookies this year alone—an increase compared to previous years.
Analyzing the data revealed that these stolen cookies include various types of sensitive information, with key terms like “ID” appearing 18 billion times. Others, such as “session” (1.2 billion), “Auth” (292 million), and “login” (61 million) were also prevalent. This distribution is particularly concerning, as it suggests potential vulnerabilities that could allow attackers to hijack active user sessions without requiring a password.
Researchers warn that while cookies may seem insignificant, they can be detrimental to users and businesses alike. Even cookies that appear harmless can grant unauthorized access. Active session cookies are especially valuable, enabling attackers to bypass login processes completely.
Furthermore, these stolen cookies can result in accounts being compromised, allowing attackers to gain control over social media profiles, bypass two-factor authentication, initiate social engineering scams, or even access sensitive banking information.
