A recent report by NordVPN has shed light on a disturbing trend in the cybercrime landscape: more than 93.7 billion cookies are being sold on the dark web and in Telegram-based marketplaces. These cookies, which store data from user sessions across the internet, pose a significant privacy and security risk.
According to the report, between 7% and 9% of these cookies are still active, meaning that attackers can potentially hijack ongoing sessions without needing usernames or passwords. Even more alarming, 90.2% of the cookies contain identifiable user information, and approximately 0.5% include sensitive data such as email addresses, passwords, and even location data.
Of particular concern are session cookies, which are used to maintain active logins across websites and services. The study found that around 1.2 billion session cookies—roughly 6% of the total—remain available for purchase. If exploited, these could allow cybercriminals to bypass login systems and impersonate users on platforms ranging from social media to online banking.
The findings, first reported by The Register, highlight the growing need for stronger cyber hygiene, such as regular cookie clearing, two-factor authentication, and the use of VPNs and password managers.
