The report highlights a growing cybersecurity crisis as billions of stolen cookies have been discovered on the dark web and Telegram networks, posing significant threats to personal data security. NordVPN’s analysis suggests that more than 93.7 billion stolen cookies are currently available for purchase by malicious actors, with an estimated 7-9 percent of these containing active session data that could grant access to user accounts. The stolen session cookies, which make up roughly 6 percent of the total cookies available for sale, are particularly concerning as they could enable cybercriminals to bypass Multi-Factor Authentication (MFA) and access user systems without the need for login credentials. This represents a severe security vulnerability that could lead to extensive data breaches and the exposure of sensitive information such as names, email addresses, and even passwords.
Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, warned that while cookies were originally designed to enhance user experience by streamlining login processes, they have become a target for exploitation by cybercriminals. He highlighted that stolen cookies could be just as dangerous as stolen passwords, with the potential to grant hackers direct access to a wide range of accounts holding valuable personal and business data. Despite the high volume of available cookies on the dark web, the impact of cookie theft remains relatively limited, as only about 0.5 percent of stolen cookies contain detailed personal data such as addresses, phone numbers, and gender. However, the scale of the problem, coupled with the ease of access in the dark web market, has raised major concerns about online security practices and the need for stricter measures to protect user data.
Experts are now calling for increased awareness and better cybersecurity practices among users to mitigate the risks associated with stolen cookies. The growing availability of stolen session cookies on the dark web underscores the critical importance of adopting stronger authentication methods and ensuring that websites implement robust security measures. While the immediate financial impact of cookie theft may be limited, the long-term implications for data privacy and cybersecurity could be substantial, prompting both individuals and organizations to take greater precautions in the digital landscape.