Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Billions of Cookies Up For Grabs As Experts Warn Over Session Security

Link: https://it.slashdot.org/story/25/05/31/002024...

Billions of stolen cookies are being sold on the dark web and Telegram, with
over 1.2 billion containing session data that can grant cybercriminals access
to accounts and systems without login credentials, bypassing MFA. The
Register reports: More than 93.7 billion of them are currently available for
criminals to buy online and of those, between 7-9 percent are active, on
average, according to NordVPN's breakdown of stolen cookies by country.
Adrianus Warmenhoven, cybersecurity advisor at NordVPN, said: "Cookies may
seem harmless, but in the wrong hands, they're digital keys to our most
private information. What was designed to enhance convenience is now a
growing vulnerability exploited by cybercriminals worldwide. Most people
don't realize that a stolen cookie can be just as dangerous as a password,
despite being so willing to accept cookies when visiting websites, just to
get rid of the prompt at the bottom of the screen. However, once these are
intercepted, a cookie can give hackers direct access to all sorts of accounts
containing sensitive data, without any login required." The vast majority of
stolen cookies (90.25 percent) contain ID data, used to uniquely identify
users and deliver targeted ads. They can also contain data such as names,
home and email addresses, locations, passwords, phone numbers, and genders,
although these data points are only present in around 0.5 percent of all
stolen cookies. The risk of ruinous personal data exposure as a result of
cookie theft is therefore pretty slim. Aside from ID cookies, the other
statistically significant type of data that these can contain are details of
users' sessions. Over 1.2 billion of these are still up for grabs (roughly 6
percent of the total), and these are generally seen as more of a concern.

Read more of this story at Slashdot.

---
VRSS v2.1.180528