Cookies are a familiar part of modern browsing, powering everything from saved logins to personalized settings. But according to a new Kaspersky report, they’re also a growing security risk. The study found that 87% of surveyed websites display cookie notifications, yet most users remain unaware of how these files can be exploited by attackers through a process known as session hijacking.

Cookies are small text files stored in browsers, often containing preferences, personal data, or even login credentials. If compromised, attackers can steal a user’s session ID and gain access to active accounts. Once inside, they could perform unauthorized actions such as retrieving payment information, placing fraudulent orders, or sending malicious communications.

Attackers have several methods to exploit cookie data. On unsecured HTTP sites or public Wi-Fi networks, session sniffing can intercept IDs in real time. Cross-site scripting (XSS) injects malicious code into a site to extract cookie data directly from the browser. Session fixation tricks users into authenticating with a pre-set session ID, allowing attackers to gain control after login. In practical terms, this could expose sensitive details such as shipping addresses, payment settings, or even lead to full account takeover.

“Cookies are the backbone of seamless online experiences, enabling everything from personalized settings to streamlined logins, but they’re also a target for hackers if not handled with care,” said Natalya Zakuskina, Senior Web Content Analyst at Kaspersky. “Without proper safeguards, attackers can exploit session IDs to hijack user accounts, steal sensitive data, or even manipulate website interactions, making it imperative for developers to prioritize security measures and for users to stay proactive in protecting their digital footprint”.

Also Read: KAUST Mathematical Model Tackles 5G Interference With Aircraft

Kaspersky advises users to avoid entering sensitive data on HTTP-based sites, minimize cookie acceptance, and regularly clear cookies and cache. Additional precautions include using VPNs on public Wi-Fi, enabling two-factor authentication, and steering clear of suspicious links.

With cookies underpinning so much of the digital economy, Kaspersky warns that ignoring these vulnerabilities could result not only in financial losses but also long-term reputational damage for individuals and businesses alike.