While cookies provide a smooth online browsing experience, they aren’t as secure as you might think. Since cookies store and collect data, hackers can sometimes exploit them. While the information stored in cookies is not always personal information, you would be surprised what hackers can do with it.
One of the ways hackers can exploit cookies is cross-site request forgery (CSRF), which allows the hacker to force users into performing unwanted actions. With some help from social engineering (an email or text with a link), hackers can trick users into executing actions of all sorts. A malicious website causes the user’s web browser to do unwanted things on sites where the user is authenticated. This works because browser requests include all cookies for the target site. So if the user is authenticated to the site, the site cannot tell whether a request is genuine or forged.
Cookies used for an authentication process (signing in) can be easily exploited if the right security measures are not in place. If cookies are not sent via secure SSL/TLS channels, hackers can easily eavesdrop on network traffic and capture them. This could result in hackers being able to log in to the user’s account on that browser/website as if they were the legitimate user.
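Both weaknesses above correspond to cookie attributes a site can check in its own responses: `Secure` keeps a cookie off plain-HTTP connections, and `SameSite` limits when the browser attaches it to cross-site requests. The following audit is an added example, not part of the original article; the function names, finding labels and sample headers are constructed for illustration.

```javascript
// Constructed sample Set-Cookie headers (not taken from any real site).
const SAMPLE_HEADERS = [
  "session=abc123; Path=/",
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
  "sid=x=y; secure; samesite=None",
  "sid=abc; SameSite=Lax",
];

// Split one Set-Cookie header into name, value and a map of attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1), // values may themselves contain "="
    attrs: {},
  };
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flag attributes carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Report the attributes whose absence enables the two attacks in the text.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  // Without Secure the cookie can travel over unencrypted HTTP (eavesdropping).
  if (!attrs.secure) findings.push("no-secure");
  // Without SameSite=Lax/Strict the cookie may ride on cross-site requests (CSRF).
  if (sameSite === null) findings.push("no-samesite");
  else if (sameSite === "none") findings.push("samesite-none");
  else if (sameSite !== "lax" && sameSite !== "strict") findings.push("samesite-invalid");
  return { name, findings };
}

for (const h of SAMPLE_HEADERS) {
  const { name, findings } = auditCookie(h);
  console.log(`${name}: ${findings.length ? findings.join(", ") : "ok"}`);
}
```

Some browsers apply a `Lax` default when `SameSite` is absent, but the audit still flags it because that behaviour is not uniform across browsers.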
Gaining control over someone’s cookies allows hackers to make unauthorized transactions. It also puts potentially sensitive information in their hands. These attacks are almost impossible to detect, so always be aware of where you have cookies enabled, or do not enable them at all.