In context: Tracking cookies have been the cornerstone of the web business for decades. The technology is so pervasive, even Google was unable to completely "kill" and replace it with modern alternatives. Even worse: cookies can be weaponized to perform cybercrimes against end users.
There are at least 93.7 billion cookies for sale on the dark web, and they pose a significant risk to users' privacy and safety. According to researchers from NordStellar, the "cookie threat" involves all the major online platforms managed by Big Tech corporations. However, people can effectively counteract this threat by adopting proper OpSec practices.
Cookies can contain crucial information about a user's web activity and their browsing history. They can remember login details during sessions, keep the shopping cart updated while we buy something through e-commerce sites, and much more. Cookies also come in different "flavors," NordVPN explains, which include first-party and third-party cookies, super cookies, and even "zombie cookies" that are restored from backup copies when a user deletes them.
Google tried to phase out third-party cookies and introduce its Privacy Sandbox technology as the next big thing in web advertising. The corporation ultimately failed because cookies are still essential for selling items and data online. Cookies are here to stay, and they can be snatched by complex malware operations such as Redline, Vidar, CryptBot, and the recently displaced LummaC2 botnet.
The 94 billion cookies discovered by NordStellar researchers can provide a lot of "juicy" data for cybercriminals, including passwords and other authentication tokens. Furthermore, the stolen tracking cookies include a trove of personal information such as usernames and email addresses, country, city, gender, age, and more.
Criminals could exploit this data for fraud attempts, identity theft, and social engineering efforts. These stolen cookies have become a personal safety threat as much as a privacy risk, the researchers said. They come from major online platforms, with Google, YouTube, and Microsoft taking the top three spots. The list of targets includes social networks, e-commerce platforms, collaboration tools (Canva), and more. Most of the cookies come from Windows devices, as the majority of malware operations target Microsoft's PC platform.
Despite all the gloom and doom about the impending cookie apocalypse, NordVPN provides a few useful recommendations on how people can protect themselves against stolen cookies. Users should think twice about accepting tracking cookies on every website they visit, and they should clear the browser cookies on a regular basis. We can confidently add that all data in the browser's cache should be destroyed every now and then.