A new report has uncovered that billions of stolen browser cookies, or small data files used by websites to manage sessions and logins, are circulating on the dark web. These files, often overlooked by users, are being exploited by cybercriminals in growing numbers.
The research estimates that around 94 billion cookies are currently available in dark web markets. A large portion, about 42 billion, was harvested by Redline, a well-known type of malicious software designed to steal data. Fortunately, most of these are no longer usable, with only about 6% still active.
Other malware families, such as Vidar and LummaC2, have also contributed billions of stolen cookies; however, only a small percentage remain active. The exception is CryptBot, which managed to steal 1.4 billion cookies, and shockingly, over 80% of those are still valid. This makes it particularly dangerous, as these cookies can be used immediately by attackers.
This isn’t the first time such a threat has been flagged. In 2024 alone, 54 billion stolen cookies were found worldwide, and the trend appears to be accelerating.
The content of these cookies often includes sensitive data. Common terms found in the stolen files include “ID,” “session,” “Auth,” and “login,” indicating that many could allow attackers to take control of active user sessions. With this access, criminals don’t need usernames or passwords to break into accounts.
The risks are serious. Stolen cookies can allow hackers to bypass security checks, hijack social media profiles, evade two-factor authentication, and even access online banking or business platforms. In short, what might seem like a harmless file saved by your browser could be a backdoor for cybercrime, especially if it’s still active and tied to your online identity.