Skip to main content

Home Cookie theft

Cookie theft

Cookie theft definition

Cookie theft refers to a cyberattack where a hacker gets access to the user’s cookie data, small files websites store on the user’s device. Cookie theft (also called cookie hijacking) can result in the attacker gaining access to the user’s name, home address, telephone number, and other sensitive information.

Examples of cookie theft

  • Cross-site scripting (XSS) is a cyberattack where a hacker injects malicious code into a vulnerable website. After a user visits this website and a cookie is created, a hacker can use the cookie to impersonate the user and perform actions on the victim’s behalf.
  • A man-in-the-middle attack is a cyberattack where a hacker intercepts a connection between the user and the website. By accessing this type of communication, the attacker can steal the user’s cookie data and later impersonate the victim on that website.

How to defend against cookie theft

  • Practice proper cyber hygiene and delete cookies regularly. Set up your browser to do this automatically.
  • Keep software up to date. Various patches and bug fixes help plug the holes hackers may exploit in cookie theft attacks.
  • Use only encrypted networks. For example, use a VPN when using a public network.