New Zealand ranks 98th worldwide for dark web cookie leaks with 28M.
There are more than 54 billion cookies leaked on the dark web, according to the latest research conducted by independent researchers and released by NordVPN. While cookies are mostly known as an essential tool for browsing, many are unaware that cookies have become one of the key tools for hackers to steal data and gain access to sensitive systems.
“Thanks to the cookie consent popups, we view cookies as a necessary, albeit annoying part of being online. However, many don’t realize that if a hacker gets hold of your active cookies, they might not need to know any logins, passwords, and even MFA to overtake your accounts,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.
How do cookies work and what risks do stolen cookies pose?
In order to explain the underlying threat, a NordVPN expert explains how cookies work:
“Firstly, it’s important to understand that the cookie setup is necessary. There is literally no other way for a device to know which user operates it. Without cookies, the server cannot verify the user. To put it simply, once the user logs in with a password and MFA, the server gives the user a cookie. And the next time the same user comes back with this cookie, the server recognizes the cookie and knows that this user has already logged in — so there’s no need to ask for the same information again,” says Adrianus Warmenhoven.
However, if this cookie is stolen and is still active, an attacker can potentially login into your account without having your password or needing MFA.
In addition to the already mentioned session data, cookies can also hold other sensitive information, such as people’s names, location, orientation, size and so on.
What kind of cookies were found?
Out of 54 billion analyzed cookies, 17% were active.
“While it may seem that 17% is not that much, it’s important to understand that it’s a huge amount of personal data — over nine billion cookies. And although active cookies present a greater risk, inactive ones still present a threat to user privacy, as well as the potential for hackers to use stored information for further abuse or manipulation,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.
Over 2.5B of all the cookies in the dataset were from Google, with another 692M from Youtube. Over 500M were from Microsoft and Bing.*
“Cookies from such core accounts are particularly dangerous because they may be used to access further login details through, for example, password recovery, corporate systems, or SSO,” notes Adrianus Warmenhoven.
With regard to the country data, New Zealand secures the 98th position globally, with nearly 28 million cookies recorded in the dataset, 26% of which are active. Despite similarities with Australia, which ranks 47th with 122 million cookies found, New Zealand maintains a relatively lower digital footprint.
The largest keyword category (10.5 billion) was “assigned ID,” followed by “session ID” (739 million) — these cookies are assigned or connected to specific users in order to keep sessions active or identify them on the website to provide services. These were followed by 154M authentication and 37M login cookies.
Name, email, city, password, and address were most common in the personal information category.
“If you combine all of these details with age, size, gender, or orientation, you will get a very intimate picture of the user, which can allow for well-targeted scams or attacks,” notes Adrianus Warmenhoven.
Up to 12 different types of malware were used to steal these cookies. Nearly 57% were collected by Redline, a popular infostealer and keylogger.
How to protect yourself
While there’s no magic cookie jar to keep them locked up tight, there are some digital hygiene tips that Adrianus recomm
