From 54 billion to 94 billion stolen cookies: What it means for your online security

Stolen cookies now power account takeovers, identity theft, and fraud on a global scale, affecting more than 250 countries, with a major impact in Brazil, India, Indonesia, and the U.S.

In recent research, cybersecurity company NordVPN found that hackers stole nearly 94 billion browser cookies, a 74% increase from last year. Cookies make browsing easier by saving things like logins and preferences. But now, criminals use them to break into accounts and steal personal information. Even worse, over 20% of the stolen cookies still work, which means they can now be used to access real people’s online accounts.

Cookies store data like login credentials and session information to streamline online experiences. In the wrong hands, they act like digital keys, letting attackers enter accounts without a username or password.

“Cookies may seem harmless, but they’re a growing threat,” says Adrianus Warmenhoven, cybersecurity expert at NordVPN. “Hackers use them to gain direct access to people’s accounts and information.”

Cookies are being stolen globally, affecting over 250 countries, with a major impact in Brazil, India, Indonesia, and the U.S. Europe saw high numbers too, especially Spain and the UK, which had a notably high rate of active stolen cookies. The true scale might be even larger due to untracked data.

The report also found dramatic increases in other forms of exposed data: 18 billion assigned IDs, 1.2 billion session IDs, and millions of login credentials, authentication tokens, and personal details like names, email addresses, and physical locations. This data is valuable for identity theft, fraud, and other malicious activity.

Behind these breaches are 38 different types of malware, over three times more than the year before. The leading ones are Redline (41.6B cookies stolen), Vidar (10B), and LummaC2 (9B), all designed to harvest browser data. Researchers also discovered 26 new malware variants, including RisePro, Stealc, Nexus, and Rhadamanthys, many of which are built to evade antivirus tools and steal credentials quickly.

How to protect yourself

While the risks are real, staying safe online does not have to be complicated. A few basic habits can go a long way in protecting your accounts and personal information from hackers.

  • Use strong, unique passwords for every account.
  • Turn on multifactor authentication (MFA).
  • Avoid clicking on suspicious links or downloading unknown files.
  • Keep your software and devices updated.
  • Regularly clear your browser cookies and site data.

“Many people close their browser and assume they’re safe. Those sessions often remain valid,” Warmenhoven explains. “Taking just a few simple steps can dramatically reduce your risk of being targeted by cybercriminals.”

Methodology

The data was analyzed by NordStellar, a threat exposure management platform. The research was conducted between April 23 and April 30, 2025. The researchers used data gathered from Telegram channels where hackers advertise what stolen information is available for sale. This led to a dataset of information about over 94 billion cookies. Researchers analyzed whether the cookies were active or inactive, which malware was used to steal them, and which country they came from, as well as what data they contained concerning the company that made the cookie, the user’s OS, and the keyword categories assigned to users. NordVPN did not buy stolen cookies, did not access the contents of the cookies, and only examined what types of data were contained within them.