Cybernews reports that almost 94 billion website cookies have been pilfered and peddled by threat actors this year, which is 74% higher than last year, with over 20% of the stolen cookies being in active use, indicating widespread exposure to potential account takeovers.
Most of the stolen cookies were procured by the Redline Stealer, which was able to obtain 41.6 billion cookies, followed by the Vidar and LummaC2 information-stealing payloads, which were able to nab 10 billion and 9 billion cookies, respectively, according to a NordVPN analysis. The U.S. had the fourth highest number of exfiltrated cookies, behind Brazil, India, and Indonesia, while Google accounted for the most number of compromised cookies at over 4.5 billion. Moreover, session IDs and assigned user IDs were the most prevalently stolen cookies. "Most people dont realize that a stolen cookie can be just as dangerous as a password. Once intercepted, a cookie can give hackers direct access to accounts and sensitive data, no login required," said NordVPN's Adrianus Warmenhoven.
Most of the stolen cookies were procured by the Redline Stealer, which was able to obtain 41.6 billion cookies, followed by the Vidar and LummaC2 information-stealing payloads, which were able to nab 10 billion and 9 billion cookies, respectively, according to a NordVPN analysis. The U.S. had the fourth highest number of exfiltrated cookies, behind Brazil, India, and Indonesia, while Google accounted for the most number of compromised cookies at over 4.5 billion. Moreover, session IDs and assigned user IDs were the most prevalently stolen cookies. "Most people dont realize that a stolen cookie can be just as dangerous as a password. Once intercepted, a cookie can give hackers direct access to accounts and sensitive data, no login required," said NordVPN's Adrianus Warmenhoven.
