Hackers Are Stealing Your Cookies

Jun 18, 2020
Cookies can do a lot more than just track your web browsing activity. Now it appears that hackers have found a way to steal your passwords too.

What are computer cookies?
A cookie is a tiny file that websites store on your computer. Cookies are normally perfectly harmless – and quite useful too. In fact, many of the websites you use every day rely on cookies to work properly.

What are cookies used for?
Cookies were designed to be a reliable mechanism for websites to remember information or to record the user's browsing history. These tiny text files can be used for storing login information and credit card information, and they help advertisers show ads they think will be relevant to your preferences.

Cookies can be useful, for instance by saving you the time of typing in login information for websites you have visited before. Cookies do not directly display passwords; instead, they contain a hash that stores your password. When a password has been hashed, it has been scrambled so only the website it came from can read it. The website uses a unique encryption algorithm to encode and decode the hash.

Why do hackers want your cookies?
Normally hackers love to steal passwords, but stealing your cookies may be just as good. By installing your cookies with hashed passwords into their web browser, the criminal can immediately access your account, no login required.

Your cookies can be used to easily compromise social media, email and many other services.

How do hackers steal cookies?
If hackers can access your computer or your network, they can probably steal your cookies. Sometimes they can steal them directly from an insecure web server too.

People are getting smarter about protecting their computers against malware by installing a reputable antivirus solution. As a result, criminals are having to resort to more advanced techniques, like stealing information passing through public WiFi networks.

All a hacker needs to hack your cookies is a Firefox extension called Firesheep. Firesheep is an extension that detects and copies cookies that are sent over a wireless network. As the extension discovers cookies, it creates a list on the hacker’s computer. They can then simply click on a cookie in the list, and the extension logs them into the website as the unsuspecting user.
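
The capture described above works on cookies that the browser sends over unencrypted HTTP. As an added example (not part of the original article), this Python script audits a site's Set-Cookie headers for login cookies that lack the Secure or HttpOnly attributes or that outlive the 14-day clearing interval recommended below; the sample headers, the name hints and the function names are constructed assumptions.

```python
# Constructed sample: Set-Cookie header values a site might return (not real traffic).
SAMPLE_HEADERS = [
    "session_id=4f9c2a7e; Path=/; Secure; HttpOnly; SameSite=Lax",
    "auth_token=ab12cd34; Path=/",
    "remember_me=1; Path=/; Max-Age=31536000; HttpOnly",
    "theme=dark; Path=/",
]

# Assumption: cookie names containing these words carry login state.
SESSION_HINTS = ("sess", "auth", "token", "remember", "login")
MAX_LIFETIME = 14 * 86400  # seconds; assumption taken from the article's 14-day interval

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_cookie(header):
    """Return the findings for one Set-Cookie header (empty list if none)."""
    name, _, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []  # not a login cookie by our naming assumption
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: browser also sends it over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by scripts in the page")
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_LIFETIME:
        findings.append("lifetime exceeds 14 days")
    return findings

def audit(headers):
    """Map cookie name -> findings, listing only cookies with at least one finding."""
    report = {}
    for header in headers:
        found = audit_cookie(header)
        if found:
            report[parse_set_cookie(header)[0]] = found
    return report

if __name__ == "__main__":
    for name, found in audit(SAMPLE_HEADERS).items():
        print(name, "->", "; ".join(found))
```
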

What can I do to protect my cookies?
A simple but effective way to stop hackers from stealing your personal information is to clear your cookies on a regular basis. Experts recommend doing this every 7 to 14 days. They also advise never storing credit card information on a site unless it is trusted. Deleting cookies does have one drawback, however: you will have to re-enter passwords and personal information the next time you log on to a website. This may be inconvenient and annoying, but it is also much safer in the long run, protecting you against cookie theft.

And if you have problems remembering lots of passwords, consider using a password manager, such as LastPass, to keep them safe and secure for you. Take a look at our guide How To Protect Your Password and Keep Hackers Away to learn more.
