According to the latest research by cybersecurity company NordVPN, South Africa has landed a troubling spot on the global leaderboard for leaked cookies, ranking 35th out of 253 countries. 546 million cookies linked to South African users have been found on the dark web.
Although cookies are commonly seen as helpful for improving online experiences, many don’t realize that hackers can exploit them to steal personal data and access secure systems.
Cookies are small text files that websites store on a user’s browser to remember preferences, login details, and browsing behavior. They play a vital role in making online experiences smoother, helping websites load faster, keeping shopping carts full, and allowing users to stay logged in across sessions. Without cookies, the convenience and personalization of the modern web would be severely limited.
“Cookies may seem harmless, but in the wrong hands, they’re digital keys to our most private information,” says Adrianus Warmenhoven, cybersecurity expert at NordVPN. “What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide.”
However, as the digital landscape evolves, so does the misuse of these tools. Cybercriminals have learned to harvest cookies to hijack sessions, steal identities, and bypass security measures.
“Most people don’t realize that a stolen cookie can be just as dangerous as a password,” says Warmenhoven. “Once intercepted, a cookie can give hackers direct access to accounts and sensitive data, no login required.”
Millions of pieces of personal data exposed
NordVPN’s research reveals a massive malware operation that stole almost 94 billion cookies— a dramatic jump from 54 billion just a year ago, marking a 74% increase. Even more concerning, 20.55% of these cookies are still active, posing an ongoing risk to users’ online privacy. Most stolen cookies came from major platforms, including Google (4.5 billion), YouTube (1.33 billion), and over 1 billion each from Microsoft and Bing.
The stolen information often included full names, email addresses, cities, passwords, and physical addresses — key personal data that can be used for identity theft, fraud, and unauthorized account access.
The data was harvested using 38 different types of malware, more than triple the 12 types identified last year. The most active strains were Redline (41.6 billion cookies), Vidar (10 billion), and LummaC2 (9 billion). These malware families are known for stealing login details, passwords, and other sensitive data.
In addition to these known threats, researchers discovered 26 new types of malware not seen in 2024 — a sign of how quickly the cybercrime landscape is evolving. New entries like RisePro, Stealc, Nexus, and Rhadamanthys are especially dangerous.
The stolen cookies came from users in 253 countries. South Africa ranked 35th in total volume, with 9.35% of the cookies being active. However, that still represents over 51 million cookies tied to real user activity — a massive potential exposure.
“Even a small percentage of a huge dataset is massive,” says Warmenhoven. “That’s millions of people potentially exposed to cybercrime.”
Easy ways to protect your data from cyber threats
Stay vigilant online to protect yourself from the risks posed by data breaches and malware. Start by using strong, unique passwords for every account and enabling multifactor authentication (MFA) whenever possible. Additionally, be cautious about sharing personal information and avoid clicking on suspicious links or downloading unknown files.
Another crucial step is keeping your devices up to date. This can help block harmful malware before it can compromise your system. Regularly cleaning your site data is also essential. Many users don’t realize that active sessions may persist even after they close their browser. Clearing this data helps reduce the window of opportunity for unauthorized access. Lastly, always check the privacy settings on your online accounts to ensure you only share information with trusted services.
“Usually, people close the browser, but the session is still valid, and the cookie is still there. If you never clean that site data, that session will be valid for as long as the site owner deems it secure,” says Warmenhoven.
“Taking basic precautions like using strong passwords, enabling MFA, and staying alert online can significantly reduce the risk of falling victim to cyberattacks. It’s a small investment of time that can protect you from big threats.”
