14 million internet cookies leaked from UK consumers to the dark web

14 million internet browser cookies linked to UK consumers have been leaked on the dark web, as revealed by a new study conducted by the cybersecurity company NordVPN.

More than 54 billion cookies worldwide were found to have been leaked on the dark web according to the latest research which found cookies belonging to people in 244 countries. While cookies are mostly known as an essential tool for browsing, many consumers are unaware that they have become one of the key tools for hackers to steal data and gain access to sensitive systems.

Internet cookies are tiny pieces of data that your computer or web browser stores when you visit a website. They track your engagement and behaviour within a website and help web pages remember your preferences.

Once the user logs in with a password and multi-factor authentication (MFA), the server gives the user a cookie. When the same user comes back with this cookie, the server recognises the cookie and knows that this user has already logged in — so there’s no need to ask for the same information again.

Even when you’re not logging in, once you click ‘accept all’ to cookies you are giving the site permission to store cookies and allow third-party cookies. Third parties can then track you across all of the sites they partner with, allowing them to see you moving from site to site.

If this information lands in the hands of a cyber criminal, they could know what your favourite websites are and what time you typically visit, allowing them to create sophisticated scams tailored to your own tastes. Out of the 54 billion cookies taken from people around the world, 17% – or nine billion – were found to be active.

In the UK, that percentage was much higher – with 56% of all cookies leaked being considered active - the second highest in the world after North Korea. Active cookies are persistent and can track user behaviour long after someone has left a website.

While active cookies pose a greater danger, inactive ones still present a threat to user privacy, as well as the potential for hackers to use stored information for further abuse or manipulation. More than 2.5 billion of the cookies in the dataset were from Google, with another 692 million from YouTube and over 500 million from Microsoft and Bing.

The most cookies came from Brazil, India, Indonesia, the US, and Vietnam. The most common country in Europe was Spain, with 554 million cookies in the dataset.

Overall, there were 244 countries and territories represented in NordVPN’s dark web analysis, showing the breadth of coverage of these huge malware systems. The largest keyword category (10.5 billion) was “assigned ID”, followed by “session ID” (739 million).

These cookies are assigned or connected to specific users in order to keep sessions active or identify them on the website to provide services. These were followed by 154 million authentication and 37 million login cookies.

Name, email, city, password, and address were the most common details in the personal information category. Up to 12 different types of malware were used to steal these cookies. Nearly 57% were collected by Redline, a popular infostealer and keylogger.

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, comments: “Millions of websites are able to convince browsers that accepting all cookies is essential to getting the most out of your experience and that it’s much less hassle to simply click ‘accept’.

“However, you might not know what you’re agreeing to. There is a real danger that many don’t realise that if a hacker gets hold of your active cookies, they might not need to know any logins, passwords, and even MFA to overtake your accounts.

“It’s important to understand that the cookie setup is necessary. There is no other way for a device to know which user operates it. Without cookies, the server cannot verify the user.

“However, if this cookie is stolen and is still active, an attacker can potentially login into your account without having your password or needing MFA. In addition, cookies can also hold other sensitive information, such as people’s names, location, sexual orientation and even your appearance.

“Cookies can gather all manner of details to give a very intimate picture of the user, which ultimately leads to scammers being able to create well-targeted attacks.” There are ways to protect yourself though, with Adrianus Warmenhoven going on to say: “While there’s no magic cookie jar to keep them locked up tight, there are some digital hygiene tips to be aware of.

“It’s a good idea to regularly delete cookies to minimise available data that can be stolen. Also, be aware of files you download and websites you visit — being vigilant can minimise your risk.

“Accepting cookies on untrustworthy websites presents a much greater risk than on secure websites, so checking the website security, or using tools such as NordVPN’s Threat Protection can also help. These tools help to block malicious sites, check downloads for malware, and block trackers, better protecting the user from data gathering and theft.

“Dark Web Monitoring can also help alert the user in the event the data does get stolen, allowing a person to take action before further harm can be caused.”