94 Billion Stolen Cookies Found on the Dark Web, NordVPN Reports

New research from NordVPN has uncovered a massive trove of stolen browser cookies circulating on the dark web. The report estimates that around 94 billion cookies are currently being traded or sold illegally.

These cookies—small data files created by websites and stored in browsers—can pose serious security risks. They often contain sensitive information that can be used to hijack user sessions or bypass login credentials.

Malware Behind the Theft

The majority of these stolen cookies come from infostealer malware. Key findings include:

  • Redline malware is responsible for nearly 42 billion cookies, though only 6.2% remain active.
  • Vidar has stolen 10.5 billion cookies, with 7.2% still valid.
  • LummaC2, a newer malware, accounts for 8.8 billion cookies, with 6.5% active.
  • CryptBot stands out with 1.4 billion cookies, of which a staggering 83.4% are still active.

Active cookies are especially dangerous because they can allow attackers to access accounts without needing passwords.

A Growing Threat

This isn’t the first time NordVPN has raised the alarm. In 2024, millions of cookies from UK users were leaked online. Globally, 54 billion cookies were stolen that year—highlighting a sharp increase in 2025.

The stolen cookies contain various types of data. Common keywords found in the dataset include:

  • “ID” – 18 billion instances
  • “Session” – 1.2 billion
  • “Auth” – 292 million
  • “Login” – 61 million

These terms suggest that many cookies could be used to hijack live sessions, bypassing login pages entirely.

Why It Matters

NordVPN researchers warn that even seemingly harmless cookies can be dangerous. In their words:

“Cookies may sound sweet, but sometimes they can leave a bad taste. Even the most seemingly unimportant cookies can do a lot of damage. Session cookies, especially active ones, are a goldmine. They let attackers skip login pages altogether.”

Potential Consequences

If exploited, these cookies could allow cybercriminals to:

  • Take over social media accounts
  • Bypass two-factor authentication
  • Launch social engineering attacks
  • Access sensitive financial data

The findings underscore the importance of strong cybersecurity practices and regular cookie management.

More From NewForTech

Security

Booking.com Scam Alert: Fake Emails Use Japanese Letters

Hey, listen up if you're into renting out places on Booking.com or just booking trips—you might want to watch out for this sneaky trick...
Security

Phishing Bypasses MFA via Digital Wallet Provisioning

Phishing gangs are now defeating multi-factor authentication by provisioning payment credentials into digital wallets in real time. One-time passcodes alone no longer stop attackers...
Security

Endgame Gear Hit by Supply Chain Attack: Malware in Mouse Tool

Peripheral device manufacturer Endgame Gear has acknowledged falling victim to a supply chain compromise where unknown cybercriminals infiltrated their web platform and substituted an...
How-To

Ransomware Response: What to Do in the First 24 Hours

A ransomware attack is one of the most serious threats an organization can face.It’s disruptive, expensive, and can severely damage your reputation. Your response...
Security

Safari Fullscreen Feature Exploited in New Browser-Based Phishing Attacks

Security researchers have discovered a new phishing technique that exploits a Safari browser feature to steal user credentials. The attack uses the Fullscreen API...
Security

AI Governance: Balancing Innovation and ESG Goals

The race to lead in artificial intelligence is accelerating. Major tech companies are pouring billions into boosting computing power and infrastructure. From headline-grabbing supercomputers to...
Load more

Table of contents [hide]

© Copyright - NewForTech.