Slashdot: Billions of Cookies Up For Grabs As Experts Warn Over Session Security

May 31, 2025

—

Source URL: https://it.slashdot.org/story/25/05/31/0020249/billions-of-cookies-up-for-grabs-as-experts-warn-over-session-security
Source: Slashdot
Title: Billions of Cookies Up For Grabs As Experts Warn Over Session Security

Feedly Summary:

AI Summary and Description: Yes

Summary: The text discusses the alarming prevalence of stolen cookies being sold on underground platforms like the dark web, highlighting their potential as a significant cybersecurity risk. These cookies can function as digital keys, enabling cybercriminals to access sensitive user information without requiring credentials or circumventing multi-factor authentication (MFA).

Detailed Description:

The problem of stolen cookies has escalated to a critical level, drawing attention from cybersecurity experts. Key points include:

– **Scale of the Issue**: Over 93.7 billion stolen cookies are available for purchase on various illicit platforms, including the dark web and Telegram. This poses a severe risk to personal and organizational security since a significant portion (7-9 percent) of these cookies are active.

– **Nature of Cookies**: Cookies, while designed to enhance user convenience, can become potent tools for cybercriminals when compromised. They serve as digital keys that can grant access to sensitive information without the need for traditional credentials.

– **Expert Opinion**: Adrianus Warmenhoven from NordVPN emphasizes that cookies should not be underestimated in their seriousness; they can be just as dangerous as passwords. He warns that users often dismiss the dangers associated with cookies due to their convenience, failing to understand the vulnerabilities they introduce.

– **Types of Data**:
– **ID Data**: The vast majority (90.25 percent) of stolen cookies contain ID data that uniquely identifies users and is often used for targeted advertising.
– **Session Data**: There is a significant concern regarding the 1.2 billion stolen session cookies, equating to about 6 percent of the total. These cookies can facilitate unauthorized access to user accounts.

– **Privacy Risks**: While the risk of exposing personal data (such as names and addresses) through cookie theft is relatively low (at about 0.5 percent), the potential for immediate and direct access to accounts through session cookies is substantial.

In conclusion, the exploitability of cookies represents a complex security challenge for individuals and organizations alike, necessitating heightened awareness and proactive security measures against cookie theft and the broader implications for information security.

1 2 2024 24 3 4 5 7 a access account Act addresses advertising AI and anti ARM as authentication aware awareness being Bi C CERN CI CIA co compromised cookies credential credentials critical cyber cybercriminal cybercriminals cybersecurit Cybersecurity cybersecurity expert cybersecurity experts cybersecurity risk D dark web data de design digital digital keys DoT dual e exp expert Experts exploit exploitability fact factor authentication factor authentication (MFA) fail for function g git H high Highlight HR http HTTPS implications in information information security io issue J Just k Key keys l led level Li low M measures media MFA multi multi-factor authentication Multi-Factor Authentication (MFA) N no o of on organization organizational security organizations ory oS out over passwords personal data platform platforms point potential pre privacy privacy risk privacy risks proactive proactive security proactive security measures problem Q R RCE red Risk risks Ro s Scale sec security Security Expert security experts security measure security measures security risk sensitive information session cookies session data session security Sig size SoC source SSE SSO stolen cookies T targeted targeted advertising Telegram text the theft to tool tools Tor TP type UI unauthorized access under up US use user user convenience user information Users uth V val VPN vulnerabilities Ware web Wi x