Share this story
Close X
Switch to Desktop Site

How 'cookiejacking' could steal people's Facebook passwords

(Read article summary)


(Read caption) Cookiejacking could hijack your Facebook log-in credentials.

About these ads

A new hacking scheme called "cookiejacking" could expose a person's usernames and passwords for Facebook, Twitter, and countless other websites, says Rosario Valotta, an Internet security researcher.

Most websites that require you to log in will save your online credentials as "cookies." These small browser files can contain anything from passwords and site preferences to the contents of an online shopping cart. Cookiejacking, according to Mr. Valotta, lets hackers steal those cookies and get away with your personal information.

"Any website. Any cookie. Limit is just your imagination," Valotta told Reuters.

Cookiejacking only works against people using Internet Explorer, he says. But all versions of the browser, including the latest edition of IE 9, are vulnerable.

There is, however, a very big catch: To access your cookies, a hacker must design a website or game that convinces you to drag an object from one side of the screen to the other. For example, Valotta "built a puzzle that he put up on Facebook in which users are challenged to 'undress' a photo of an attractive woman," reports Reuters. Once players move the digital clothing, they unwittingly trigger the cookiejacking trap.


Page:   1   |   2

Follow Stories Like This
Get the Monitor stories you care about delivered to your inbox.