94 Billion Stolen Cookies Found on the Dark Web, NordVPN Reports

openrun pro 2

New research from NordVPN has uncovered a massive trove of stolen browser cookies circulating on the dark web. The report estimates that around 94 billion cookies are currently being traded or sold illegally.

These cookies—small data files created by websites and stored in browsers—can pose serious security risks. They often contain sensitive information that can be used to hijack user sessions or bypass login credentials.

Malware Behind the Theft

The majority of these stolen cookies come from infostealer malware. Key findings include:

  • Redline malware is responsible for nearly 42 billion cookies, though only 6.2% remain active.
  • Vidar has stolen 10.5 billion cookies, with 7.2% still valid.
  • LummaC2, a newer malware, accounts for 8.8 billion cookies, with 6.5% active.
  • CryptBot stands out with 1.4 billion cookies, of which a staggering 83.4% are still active.

Active cookies are especially dangerous because they can allow attackers to access accounts without needing passwords.

A Growing Threat

This isn’t the first time NordVPN has raised the alarm. In 2024, millions of cookies from UK users were leaked online. Globally, 54 billion cookies were stolen that year—highlighting a sharp increase in 2025.

The stolen cookies contain various types of data. Common keywords found in the dataset include:

  • “ID” – 18 billion instances
  • “Session” – 1.2 billion
  • “Auth” – 292 million
  • “Login” – 61 million

These terms suggest that many cookies could be used to hijack live sessions, bypassing login pages entirely.

Why It Matters

NordVPN researchers warn that even seemingly harmless cookies can be dangerous. In their words:

“Cookies may sound sweet, but sometimes they can leave a bad taste. Even the most seemingly unimportant cookies can do a lot of damage. Session cookies, especially active ones, are a goldmine. They let attackers skip login pages altogether.”

Potential Consequences

If exploited, these cookies could allow cybercriminals to:

  • Take over social media accounts
  • Bypass two-factor authentication
  • Launch social engineering attacks
  • Access sensitive financial data

The findings underscore the importance of strong cybersecurity practices and regular cookie management.

sponsored

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Razer Basilisk Mobile

Save $120 on the Sonos Ace Headphones!

Recommended Posts

Roborock Banner – Explore the Latest in Smart Cleaning