Sign up to save your podcasts
Or
Share From 54 Billion to 94 Billion: Cookie Theft Skyrockets as Hackers Exploit Your Browser
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
From 54 Billion to 94 Billion: Cookie Theft Skyrockets as Hackers Exploit Your Browser
Ireland ranks 117th out of 253 countries, with over 57 million leaked cookies - 4.7 million of which are still active and tied to real user activity.
According to the latest research by cybersecurity company NordVPN, Ireland has landed a troubling spot on the global leaderboard for leaked cookies, ranking 117th out of 253 countries. Over 57 million cookies linked to Irish users have been found on the dark web.
Although cookies are commonly seen as helpful for improving online experiences, many don't realise that hackers can exploit them to steal personal data and access secure systems.
"Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information," says Adrianus Warmenhoven, cybersecurity expert at NordVPN. "What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide."
The hidden risk behind everyday browsing
Cookies are small text files that websites store on a user's browser to remember preferences, login details, and browsing behaviour. They play a vital role in making online experiences smoother, helping websites load faster, keeping shopping carts full, and allowing users to stay logged in across sessions. Without cookies, the convenience and personalisation of the modern web would be severely limited.
However, as the digital landscape evolves, so does the misuse of these tools. Cybercriminals have learned to harvest cookies to hijack sessions, steal identities, and bypass security measures.
"Most people don't realise that a stolen cookie can be just as dangerous as a password," says Warmenhoven. "Once intercepted, a cookie can give hackers direct access to accounts and sensitive data, no login required."
Millions of pieces of personal data exposed
NordVPN's research reveals a massive malware operation that stole almost 94 billion cookies - a dramatic jump from 54 billion just a year ago, marking a 74% increase. Even more concerning, 20.55% of these cookies are still active, posing an ongoing risk to users' online privacy. Most stolen cookies came from major platforms, including Google (4.5 billion), YouTube (1.33 billion), and over 1 billion each from Microsoft and Bing.
The growth is just as alarming when comparing personal data exposure over the past few years. In 2024, NordVPN identified 10.5 billion assigned IDs, 739 million session IDs, 154 million authentication tokens, and 37 million login credentials. In 2025, those numbers rose sharply, with 18 billion assigned IDs and 1.2 billion session IDs now exposed. These data types are critical for identifying users and securing their online accounts, making them highly valuable to cybercriminals.
The stolen information often included full names, email addresses, cities, passwords, and physical addresses - key personal data that can be used for identity theft, fraud, and unauthorised account access.
The data was harvested using 38 different types of malware, more than triple the 12 types identified last year. The most active strains were Redline (41.6 billion cookies), Vidar (10 billion), and LummaC2 (9 billion). These malware families are known for stealing login details, passwords, and other sensitive data.
Redline is a powerful infostealer that extracts saved passwords, cookies, and autofill data from browsers, giving hackers direct access to personal accounts.
Vidar works similarly but also downloads additional malware, making it a gateway to more complex attacks.
LummaC2 is particularly evasive, frequently updating its tactics to slip past antivirus tools and spread across systems undetected.
In addition to these known threats, researchers discovered 26 new types of malware not seen in 2024 - a sign of how quickly the cybercrime landscape is evolving. New entries like RisePro, Stealc, Nexus, and Rhadamanthys are especially dangerous. RisePro and Stealc are built to rapidly steal browser credentials and session data, while Nexus targets banking information using mobile emul...
View all episodes
By Irish Tech News
2
11 ratings
Ireland ranks 117th out of 253 countries, with over 57 million leaked cookies - 4.7 million of which are still active and tied to real user activity.
According to the latest research by cybersecurity company NordVPN, Ireland has landed a troubling spot on the global leaderboard for leaked cookies, ranking 117th out of 253 countries. Over 57 million cookies linked to Irish users have been found on the dark web.
Although cookies are commonly seen as helpful for improving online experiences, many don't realise that hackers can exploit them to steal personal data and access secure systems.
"Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information," says Adrianus Warmenhoven, cybersecurity expert at NordVPN. "What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide."
The hidden risk behind everyday browsing
Cookies are small text files that websites store on a user's browser to remember preferences, login details, and browsing behaviour. They play a vital role in making online experiences smoother, helping websites load faster, keeping shopping carts full, and allowing users to stay logged in across sessions. Without cookies, the convenience and personalisation of the modern web would be severely limited.
However, as the digital landscape evolves, so does the misuse of these tools. Cybercriminals have learned to harvest cookies to hijack sessions, steal identities, and bypass security measures.
"Most people don't realise that a stolen cookie can be just as dangerous as a password," says Warmenhoven. "Once intercepted, a cookie can give hackers direct access to accounts and sensitive data, no login required."
Millions of pieces of personal data exposed
NordVPN's research reveals a massive malware operation that stole almost 94 billion cookies - a dramatic jump from 54 billion just a year ago, marking a 74% increase. Even more concerning, 20.55% of these cookies are still active, posing an ongoing risk to users' online privacy. Most stolen cookies came from major platforms, including Google (4.5 billion), YouTube (1.33 billion), and over 1 billion each from Microsoft and Bing.
The growth is just as alarming when comparing personal data exposure over the past few years. In 2024, NordVPN identified 10.5 billion assigned IDs, 739 million session IDs, 154 million authentication tokens, and 37 million login credentials. In 2025, those numbers rose sharply, with 18 billion assigned IDs and 1.2 billion session IDs now exposed. These data types are critical for identifying users and securing their online accounts, making them highly valuable to cybercriminals.
The stolen information often included full names, email addresses, cities, passwords, and physical addresses - key personal data that can be used for identity theft, fraud, and unauthorised account access.
The data was harvested using 38 different types of malware, more than triple the 12 types identified last year. The most active strains were Redline (41.6 billion cookies), Vidar (10 billion), and LummaC2 (9 billion). These malware families are known for stealing login details, passwords, and other sensitive data.
Redline is a powerful infostealer that extracts saved passwords, cookies, and autofill data from browsers, giving hackers direct access to personal accounts.
Vidar works similarly but also downloads additional malware, making it a gateway to more complex attacks.
LummaC2 is particularly evasive, frequently updating its tactics to slip past antivirus tools and spread across systems undetected.
In addition to these known threats, researchers discovered 26 new types of malware not seen in 2024 - a sign of how quickly the cybercrime landscape is evolving. New entries like RisePro, Stealc, Nexus, and Rhadamanthys are especially dangerous. RisePro and Stealc are built to rapidly steal browser credentials and session data, while Nexus targets banking information using mobile emul...