What are Cookies?

Cookies are small data files stored on your computer by websites that you visit. They serve several helpful purposes, such as allowing you to stay logged into websites without needing to re-enter your username and password each time you visit. Cookies also remember your site preferences and track your online activities, which helps website administrators understand user behavior and improve the website's design and functionality based on the most visited pages.

However, while cookies improve user experience, they also pose security risks. For example, imagine you frequently stay logged into your social media accounts to avoid the hassle of logging in each time. If a cybercriminal manages to steal the cookies associated with your social media accounts, they can potentially gain unauthorized access to your accounts. This type of attack, known as session hijacking, involves the attacker using stolen cookies to impersonate you on the web. This could lead to unauthorized actions being taken on your behalf, exposure of personal information, or even financial loss if payment details are stored within your account settings.

Simple fact: hackers love hijacking people's social media accounts. They provide a whole range of opportunities for those people who make a living by stealing personal data, breaking into bank accounts, scamming people out of their savings, and even stealing identities. Social media accounts are kind of a goldmine for hackers. And they’re easier to break into than you might think. How?? What?? Why??

Remember those cookies we mentioned earlier?

You’ve probably noticed that you stay logged into your social media accounts for weeks on end. Open up your Facebook page right now, and chances are it’ll open on your feed right away. You won't have to spend valuable seconds signing in and trying to remember your password. This is actually true of most of your online accounts, except those holding very sensitive information, like your bank.

The time from one log-in to the next, which can be several weeks, is called a session. A session is NOT the 10 minutes you spent on Facebook over breakfast this morning, but the total period of time you’re logged in. Now, it’s kind of important to understand why sessions matter. But if you don’t want to read any technical stuff - just skip ahead.

How do sessions work?

This is where things get a little bit technical, but we’ll keep it quick and simple, and you know what - let’s stick with the example of Facebook for the rest of our explanation.

So you’ve just signed into your account with your username and password. To make it extra convenient for you to come back as often as possible, Facebook sends your browser what’s called a session cookie. Your browser may be Google Chrome or Microsoft Edge - they all get a cookie. But what’s a cookie? Well, think of it like a token, or a memo.

With this cookie, Facebook tells your browser: “Hey, here’s a piece of code to remind you that this person is logged in to Facebook. Next time they click on Facebook just send them straight to their feed - no need to ask them to log in. Love and kisses - Facebook.”

The session cookie doesn’t actually hold your log-in details, it just provides instant access to your Facebook account - or any other account that uses the same technology. And that’s great! Really useful and super convenient. Unless, of course, someone knows how to get their hands on your cookies. And that’s just what hackers know how to do, and they have all kinds of ingenious ways of doing just that.

We’re not going to explain here the methods hackers employ - they really are very technical - but suffice it to say that when they DO get hold of your session cookies, they also get access straight to your Facebook account. They don’t need your username or password, and they bypass any 2FA. They go straight in. And that’s where the problems really start.
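For readers who do want the technical view, here is an example added to this article (it is not Facebook's or Guardio's code; the `SessionStore` class, its method names and the two-week lifetime are assumptions) showing the website's side of a session: it hands out a random token with protective cookie settings, accepts that token in place of a password on later visits, and can cancel every token for an account.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 14 * 24 * 3600  # assumed lifetime: two weeks, in seconds


class SessionStore:
    """Server-side table mapping opaque session tokens to accounts."""

    def __init__(self):
        self._sessions = {}  # token -> (user, expiry timestamp)

    def login(self, user, now=None):
        """Call only after the password (and 2FA) checks have passed."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random; carries no credentials
        self._sessions[token] = (user, now + SESSION_TTL)
        cookie = SimpleCookie()
        cookie["session"] = token
        cookie["session"]["httponly"] = True   # hidden from page scripts
        cookie["session"]["secure"] = True     # sent over HTTPS only
        cookie["session"]["samesite"] = "Lax"  # withheld on most cross-site requests
        cookie["session"]["max-age"] = SESSION_TTL
        cookie["session"]["path"] = "/"
        return cookie["session"].OutputString()  # value for a Set-Cookie header

    def whoami(self, cookie_header, now=None):
        """Return the account for a Cookie header, or None if not logged in."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        jar.load(cookie_header)
        if "session" not in jar:
            return None
        entry = self._sessions.get(jar["session"].value)
        if entry is None or entry[1] < now:
            return None
        return entry[0]  # the token alone decided this: no password, no 2FA

    def revoke_all(self, user):
        """'Log out of all devices': every cookie issued to user stops working."""
        stale = [t for t, (u, _) in self._sessions.items() if u == user]
        for token in stale:
            del self._sessions[token]
        return len(stale)
```

Because `whoami` looks only at the token, signing out of all devices (`revoke_all` here) is what makes a copied cookie stop working before it expires on its own.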

Ok, so what happens when session cookies get stolen?

In short, a hacker has complete access to your Facebook account - or whichever online account they managed to break into. This means they can steal any data they find there: personal information, photos, contacts, and so on.

Next, they will most certainly change your password, lock you out of your own account, and then hijack it. In other words, they are now in charge of your account, and there is nothing you can do about it.

They can also steal your password, and the danger here is twofold. Firstly, most of us still use the same password for multiple accounts. So, if a hacker has your Facebook password, they will use your email address and Facebook password to try and break into as many other accounts as they possibly can. Secondly, they can lock you out of your own account and then hijack it. In other words, they are now in charge of your account and there is nothing you can do about it.

Remember also that social media accounts are often interconnected. If your Facebook account is compromised, your Instagram and WhatsApp accounts may be next. And what about all the sites you log in to using Facebook?

So this is kind of serious?

Well, let’s just recap the situation right now:

  • A hacker has control of your account.

  • The same hacker also has access to any connected accounts (including any that you use Facebook to sign in to).

  • They’ll use your personal information to run phishing attacks against you and your close contacts.

  • They can use your social account to post fake, malicious content designed to scam anyone who falls for it.

  • If you have a Facebook Ads budget they will use it to boost malicious content.

  • They may try and blackmail you, or demand money for the return of your account.

  • If you have a credit card connected to your account (paying for Ads, or if you like to shop online), then they now have access to that too.

And all this time, your reputation is crumbling away, which is bad enough on a personal level, but if you use social media to make an income, it can be catastrophic. Your account is gone. Your money and your personal data are at risk. You’re now vulnerable to identity theft. And not only that, but people you know and who follow you on social media are also now at risk - because they follow your account!

So what’s the solution?

Glad you asked. Guardio has developed an amazing new patented security solution that stops your account from being stolen via your browser.

Remember we mentioned that Facebook sends your browser a cookie with a piece of code? What Guardio does is, it takes that piece of code from the cookie, and secures it. Hackers know exactly where and how to find the cookie. But now, they can’t get their hands on the information they need. Guardio is protecting it. The cookie is now worthless to the hacker.

How do I get this protection?

If you’re a Guardio Premium customer, then great news! You already have this protection. You don't actually have to do anything. But we recommend you go to Account Protection in your Guardio account and check which of your online accounts are protected. We’ll be expanding the protection to way more sites and platforms over the coming months.

If you’re not a Guardio Premium customer, then you can sign up and start your 7-day free trial now.
