Cybersecurity specialists warn of widespread knowledge publicity as a current investigation reveals a staggering variety of web cookies circulating on the darkish internet.
A brand new report from NordVPN highlights the extreme privateness dangers related to internet cookies, that are small information web sites retailer in your machine to recollect your searching exercise. The analysis, carried out in partnership with risk publicity administration platform, NordStellar, uncovered roughly 93.7 billion stolen cookies out there on the market in underground on-line marketplaces.
Researchers analyzed knowledge from Telegram channels between April 23 and April 30, 2025, leading to a dataset of round 94 billion cookies. The researchers analyzed the cookies’ energetic or inactive standing, malware used, nation of origin, knowledge content material, the corporate, the person’s OS, and key phrase classes assigned to customers. NordVPN didn’t purchase stolen cookies or entry their contents, however solely examined the information inside them.
What’s Contained in the Digital Cookie Jar?
The evaluation of those stolen cookies revealed a treasure trove of private knowledge. When analyzing these stolen cookies, ‘ID’ (Assigned ID was related to 18 billion cookies) and ‘session’ (related to 1.2 billion cookies) have been recognized as the commonest key phrases, indicating the kind of knowledge they held.
These are essential for sustaining energetic person periods on web sites, which means a stolen session ID may grant an attacker direct entry to an account without having a password. Alarmingly, out of the full 93.7 billion stolen cookies analysed, 15.6 billion have been nonetheless energetic, posing a direct risk to customers.
This huge assortment of compromised knowledge poses a big risk to private safety, doubtlessly permitting malicious actors to entry delicate data and on-line accounts. Past session knowledge, the report reveals that compromised cookies steadily contained private particulars corresponding to names, electronic mail addresses, international locations, cities, and even passwords.
This data may be exploited for focused phishing assaults or, in additional extreme circumstances, id theft. Right here’s a breakdown of the information attackers can steal by way of cookies.
The place Did These Cookies Come From?
The vast majority of these stolen cookies have been traced again to a number of main on-line platforms and originated from a various set of nations. Google companies alone accounted for over 4.5 billion cookies, with YouTube and Microsoft every contributing greater than 1 billion. This means that extensively used platforms are prime targets for cybercriminals as a result of sheer quantity of person knowledge they deal with.
The first methodology of theft concerned numerous forms of malware, together with infostealers, trojans, and keyloggers. Redline emerged as essentially the most prolific, chargeable for stealing nearly 42 billion cookies. Take a look at the listing of malicious software program used to steal these cookies:
Defending Your Digital Crumbs
Given the widespread risk, cybersecurity specialists advise customers to take proactive steps to safeguard their on-line presence.
“Cookies could seem innocent, however within the unsuitable arms, they’re digital keys to our most non-public data. What was designed to reinforce comfort is now a rising vulnerability exploited by cybercriminals worldwide.”
Adrianus Warmenhoven, Cybersecurity Skilled – NordVPN
Due to this fact, to remain secure, at all times watch out when accepting cookies on web sites, opting to reject pointless ones, particularly third-party trackers. Additionally, recurrently clear cookies out of your browser to restrict the window of alternative for attackers.
Moreover, utilizing safety instruments like anti-malware software program and Digital Non-public Networks (VPNs) can considerably improve safety. It helps block malicious web sites, scan downloads for threats, and encrypt web site visitors, making it tougher for cybercriminals to grab your digital cookies.
