Hackers have stolen nearly 94-billion browser cookies this year – a 74% increase from last year, according to cybersecurity analysts NordVPN.
Cookies make browsing easier by saving things like logins and preferences. But now, criminals use them to break into accounts and steal personal information. Even worse, over 20% of the stolen cookies still work which means they can now be used to access real people’s online accounts.
Cookies store data like login credentials and session information to streamline online experiences. In the wrong hands, they act like digital keys, letting attackers enter accounts without a username or password.
“Cookies may seem harmless, but they’re a growing threat,” says Adrianus Warmenhoven, cybersecurity expert at NordVPN. “Hackers use them to gain direct access to people’s accounts and information.”
Cookies are being stolen globally, affecting over 250 countries, with major impact in Brazil, India, Indonesia, and the US. Europe saw high numbers too, especially Spain and the UK, which had a notably high rate of active stolen cookies. The true scale might be even larger due to untracked data.
The new report from NordVPN also found dramatic increases in other forms of exposed data: 18-billion assigned IDs, 1,2-billion session IDs, and millions of login credentials, authentication tokens, and personal details like names, email addresses, and physical locations. This data is valuable for identity theft, fraud, and other malicious activity.
Behind these breaches are 38 different types of malware – more than three times more than there was the year before.
Heading this list are Redline (41,6-billion cookies stolen), Vidar (10-billion), and LummaC2 (9-billion) – all designed to harvest browser data. Researchers also discovered 26 new malware variants including RisePro, Stealc, Nexus, and Rhadamanthys, many of which are built to evade antivirus tools and steal credentials quickly.
How to protect yourself
While the risks are real, staying safe online does not have to be complicated. A few basic habits can go a long way in protecting your accounts and personal information from hackers:
- Use strong, unique passwords for every account.
- Turn on multifactor authentication (MFA).
- Avoid clicking on suspicious links or downloading unknown files.
- Keep your software and devices updated.
- Regularly clear your browser cookies and site data.
“Many people close their browser and assume they’re safe,” says Warmenhoven. “Those sessions often remain valid. Taking just a few simple steps can dramatically reduce your risk of being targeted by cybercriminals.”