Skip to main content

Hackers are using cookies to sidestep two-factor authentication

“Cookie stealing” is among the latest trends in cybercrimes that hackers are using to bypass credentials and access private databases, according to Sophos.

Typical security advice for organizations has been to move their most sensitive information to cloud services or to use multifactor authentication (MFA) as a safety means. However, bad actors have figured out how to swipe cookies connected to login details and replicate them to hack the active or recent web sessions of programs that are not commonly refreshed.

A large monitor displaying a security hacking breach warning.
Stock Depot/Getty Images

These hackers are able to exploit several different online tools and services, including browsers, web-based applications, web services, malware-infected emails, and ZIP files.

The most insidious aspect of this style of hacking is that cookies are so widely used that they can help nefarious users access systems even if safety protocols are in place. Sophos noted that the Emotet botnet is one such cookie-stealing malware that targets data in the Google Chrome browser, such as stored logins and payment card data, despite the browser’s affinity for encryption and multifactor authentication.

On a broader scale, cybercriminals can purchase stolen cookies data, such as credentials from underground marketplaces, the publication said. The login details for an Electronic Arts game developer ended up on a marketplace called Genesis, which was reportedly purchased by the extortion group Lapsus$. The group was able to replicate EA employee login credentials and ultimately gain access to the company’s networks, stealing 780 gigabytes of data. The group collected game and graphics engine source code details that they used to try to extort EA.

Similarly, Lapsus$ hacked the databases of Nvidia in March. Reports claimed the breach might have revealed the login information of more than 70,000 employees, in addition to 1TB of data from the company, including schematics, drivers, and firmware details. However, there is no word as to whether the hack was due to cookie stealing.

Other cookie-stealing opportunities might be easy to crack if they are software-as-a-service products, such as Amazon Web Services (AWS), Azure, or Slack. These can start with hackers having basic access but tricking users into downloading malware or sharing sensitive information. Such services tend to remain open and running persistently, meaning their cookies don’t expire often enough to have their protocols to be sound security-wise.

Sophos notes that users can regularly clear their cookies to maintain a better protocol; however, that means having to reauthenticate each time.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Hackers stole $1.5 million using credit card data bought on the dark web
A credit card is passed from one person to another.

In what sounds like a movie script, over $1 million was stolen by a group that made use of thousands of credit cards posted for sale on the dark web. Some of the details of this complex cybercrime operation have come to light following an indictment by the U.S. Department of Justice.

In the United States v. Trevor Osagie, the defendant has pled guilty to conspiracy to commit credit card fraud from 2015 to 2018. Osagie worked with a network of thieves and managed to rack up over $1.5 million in damages.

Read more
Hackers’ Cyber Monday deals will be unbelievably good
An Illustration shows a programmer busy with a laptop and several monitors.

Cyber Monday is one of the biggest shopping days of the year, following Black Friday, and since the reason for the sale day is to push online shopping, you should be particularly wary about hackers creating fake deals that seem unbelievably good. If it sounds too good to be true, it probably is.

Despite our best instincts, it's hard to pass up a huge discount on an exciting present and as the year starts winding down to the end, the pressure is on to find a nice gift to give your loved ones for the holidays. This adds up to a perfect recipe for hackers to take advantage of eager shoppers with an enticing bargain.

Read more
Twitter’s SMS two-factor authentication is having issues. Here’s how to switch methods
A person's hands holding a smartphone as they browse Twitter on it.

It might be a good idea to review and change your two-factor authentication options for Twitter. Elon Musk's Twitter has another issue for its users to worry about.

Twitter has reportedly been having issues with its SMS two-factor authentication feature (2FA). According to Wired, beginning as early as this past weekend, some Twitter users have reported difficulties logging in to their Twitter accounts due to the app's SMS 2FA feature not working properly. Essentially, the feature relies on the app sending users an authentication code via text message, which they can then enter as a second step in the login process.

Read more