Security

Millions of private files from South Africans at mercy of dark web hackers

Luis Monzon

4th April 2024

176 million browser cookies from South African users have been found on the dark web.
Hackers can use information from the cookies to steal user names, addresses and browsing habits.
The cookies were stolen using malware, and many of them are still active.

A huge leak of browser cookies into the dark web has been discovered by independent researchers and published by NordVPN. More than 54 billion cookies have been found on deep locations of the internet, where hackers can easily get hold of them and the private user information they contain.

According to NordVPN, South Africa ranks 32nd globally in terms of cookie leaks, with 30 percent of cookies, or 176 million, from South African users found online still active. This continues to pose “a significant threat to online privacy and security in the region,” the company explains.

“Many don’t realize that if a hacker gets hold of your active cookies, they might not need to know any logins, passwords, and even MFA to overtake your accounts,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Most people encounter cookies nowadays when they enter new websites, usually either accepting them or declining them. They are used by websites to record user information, such as browsing behaviour and search history.

“To put it simply, once the user logs in with a password and MFA, the server gives the user a cookie. And the next time the same user comes back with this cookie, the server recognizes the cookie and knows that this user has already logged in,” Warmenhoven adds.

Cookies have become commonplace during browsing online, but hackers can use them to steal sensitive data. Up to 12 different types of malware were used to steal these cookies. Nearly 56 percent were collected by Redline, a popular infostealer and keylogger.

“However, if this cookie is stolen and is still active, an attacker can potentially login into your account without having your password or needing MFA. In addition to the already mentioned session data, cookies can also hold other sensitive information, such as people’s names, location, orientation, size and so on,” the VPN provider says.

In terms of where the cookies originate from. Over 2.5 billion are from Google, with another 692 million from Youtube. Over 500 million were from Microsoft and Bing. Around 17 percent of the total 54 billion cookies were still active.

“While it may seem that 17% is not that much, it’s important to understand that it’s a huge amount of personal data — over nine billion cookies. And although active cookies present a greater risk, inactive ones still present a threat to user privacy, as well as the potential for hackers to use stored information for further abuse or manipulation,” adds Warmenhoven.

“Cookies from such core accounts are particularly dangerous because they may be used to access further login details through, for example, password recovery, corporate systems, or SSO,” he says.

South Africa had the largest amount of active cookies worldwide, while Brazil had the total largest amount of cookies found on the dark web. Name, email, city, password, and address were most common types of personal information found in the cookies.

“If you combine all of these details with age, size, gender, or orientation, you will get a very intimate picture of the user, which can allow for well-targeted scams or attacks,” Warmenhoven notes.

[Image – Photo by Markus Spiske on Unsplash]