Information is power, and it can be used to obtain advantages even incorrectly. And where is so much information about us online? Obviously in cookies (What are?)the tiny text files that (simplifying) keep track of our preferences for a particular site and even our entire browsing history. Getting your hands on cookies is getting your hands on treasure.
And it’s right on a treasure composed of 54 billion cookies that cybercriminals have recently gotten their hands on, making them available on the Dark Web: from this boundless database an interesting in-depth study was started by analysts at NordVPN, one of the most well-known providers of VPN services (things?).
Artificial intelligence
Stealing data from ChatGPT, using ChatGPT: how AI reveals people’s names, surnames, faces and addresses
by Emanuele Capone
Stolen cookies, the situation in Italy
According to what emerged, the stolen cookies come from 244 countries and territories, most from Brazil, India, the United States and Mexico; Italy is in 19th place in this unenviable ranking, with more than 456 million leaked cookies, of which 24% are still active (compared to an average of 17% of those accessed due to this leak).
In Europa, the most affected country was Spain, with 554 million cookies in total; the UK fared slightly better than us (it’s 21st in overall cookie quantity) but in some ways even worse, because over half of the stolen cookies were still active. That is, they still retained all the information within them.
More than 2.5 billion of the stolen cookies come from Google (which by the way has already announced the intention of abandon these tools tracking), nearly 700 million from YouTube and more than half a billion from Microsoft and Bing.
What do hackers do with cookies?
The question is legitimate. For us ordinary users, cookies are just those unspecified things that we boringly need accept more or less every time we connect to a site, but for hackers they are one of the most used access points to steal data and get their hands on sensitive information: “If a hacker takes possession of our active cookies, they may not need to know their username, password or multi-factor authentication systems to take control of our accounts,” he explained Adrianus Warmenhoven, cybersecurity consultant by NordVPN.
As we know, cookies are used in some way to keep our connection active (our session) with a site: when we log in with a password and multi-factor authentication system, the server assigns us a cookie; when we return with that same cookie, we are recognized and are no longer asked for the same information again.
If a cookie is stolen while still active, the thief could easily access the account to which he is connected, even without a password or other authentication system; furthermore, cookies may also contain sensitive information such as names, geographical position, sexual orientation, size and so on. The fact that only 17% of the cookies that ended up on the Dark Web were active does not mean, among other things, that we can rest assured: both because it still involves almost 10 billion cookies and because Inactive cookies are not entirely harmlessbecause they can still violate user privacy and also be used by hackers to store information for later use.
As explained by NordVPN experts, the main category (10.5 billion) of stolen cookies is type Assigned ID (i.e. general identification), followed by Session ID (i.e. session identifier, 739 million): these cookies are assigned or connected to specific users to keep their sessions active or identify them on the site in order to provide services; immediately afterwards they are there authentication cookies (154 million) and logins (37 million).
Name, address mailaddress in the world, city of origin and password various personal information were most commonly stolen thanks to theft: “If you combine all these details together with age, size, gender and sexual orientation, a very intimate image of the user can be traced, perfect for launching offensive or well-defined scams.” structured,” Warmenhoven noted. Which is what we also remembered on Italian Tech talking about “Hi dad, I broke my phone” scam: the cybercriminal’s aim is not so much to steal a single piece of information, but to have enough of it build a believable story on which to base possible and foreseeable future attacks.
Artificial intelligence
Stealing data from ChatGPT, using ChatGPT: how AI reveals people’s names, surnames, faces and addresses
by Emanuele Capone
How to protect yourself from cookie theft?
As always online (but not only), There are no one-size-fits-all solutions and prevention is better than cure: from NordVPN they recalled an always valid advice, that is, “regularly delete cookies to minimize the data that could be stolen” (browsers allow you to do this easily) and also “be aware of the files that are downloaded and sites visited”, because “the right amount of vigilance can reduce risks”.
From the company, which thrives on cybersecurity, they also pointed out that “use tools like Threat Protection NordVPN can help block dangerous sites, scan downloaded files for malware, and block trackers, programs that monitor user behavior, protecting you from illicit data collection and data theft.” Of course they say it, because it’s their job to say it. But it also makes sense that they say that, because tools like a good VPN they are in fact capable of allowing a safer browsing experience.
#billion #cookies #stolen #worldwide #million #Italy #hackers
– 2024-04-06 05:17:51
