Cookie theft, or sidejacking as it is known in the digital world, isn’t a new form of digital attack, but it has become more widely addressed by companies looking to stop their clients’ accounts from being hacked. Here’s what you need to know to stay safe and keep your company’s digital files safe.
What is Cookie Theft and Sidejacking?
Cookie theft, or sidejacking, is a term that was coined to describe the process of hackers stealing unencrypted information from others. They can accomplish this by reading and copying network traffic, installing malware, or using cross-site scripting. If a hacker can do this successfully, they are able to access someone’s account and take control of it.
For example, let’s say an individual is working on their computer at Starbucks or an airport (somewhere with public wifi), and during that time they log into their Slack account and Facebook, and check in on their Amazon purchases. Now, when you go to a website, you’re often asked to log in with a password. When you do, the website assigns you a cookie. Think of this cookie as your entrance ticket to the amusement park – once you show it at the door, you can go on any ride without presenting it again. The cookie you are assigned allows you to comment on your friend’s status or order something new without being asked to log in over and over. Now, when you put in your username and password, that is encrypted. However, the cookie that a website sends back is not. So when you’re already logged in and browsing a site, someone who is experienced can look at any unencrypted data on the shared wifi. They may copy the “cookie” and then use it. With your cookie they can go to that site and pretend to be you, buying things on Amazon or changing your Facebook.
A hacker can also accomplish this by sending emails or text messages with malware, which is software designed to uncover private information, like passwords and usernames. Once your password and username are taken, they can wreak havoc on your account.
How to Prevent Cookie Theft and Sidejacking
While individuals have to worry about this on a daily basis, the greater burden is on businesses. When a client uses your website, or your employees access information pertaining to the company, and they are unknowingly being hacked, this is a problem. It is your responsibility to keep your websites as safe and encrypted as possible to prevent this from happening. This can also happen in offices where multiple people are logging into the building’s wifi every day to complete their work.
A good idea is to keep your staff educated and aware of internet safety. Keep them up-to-date on new ways of hacking and new trends in cyberattacks. They should be wary of emails with links or from addresses they don’t know. You should also encourage your staff to change their passwords for any work-related accounts every few months. Passwords should be secure. The websites they are using should have encryption or other forms of digital security to prevent hackers from accessing your most intimate accounts.
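For a business checking its own website, the sketch below audits the cookies a login page sets for the two theft paths described above: copying from network traffic and cross-site scripting. It is an added example, not code from the original article; the function names, URLs and header values are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for settings that limit cookie theft.
# All URLs and header values below are constructed sample data.
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, lowercase-attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(url, header):
    """Return (cookie name, findings) for a cookie set by a response from `url`."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if urlsplit(url).scheme != "https":
        # The response itself crossed the network in the clear.
        findings.append("set over plain HTTP: visible on shared wifi")
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie on unencrypted requests.
        findings.append("no Secure flag: browser may send it unencrypted")
    if "httponly" not in attrs:
        # Without HttpOnly, script injected by cross-site scripting can read it.
        findings.append("no HttpOnly flag: readable by page scripts")
    return name, findings

SAMPLES = [  # (URL that set the cookie, Set-Cookie value), all constructed
    ("http://shop.example/login", "sessionid=abc123; Path=/"),
    ("https://shop.example/login", "sessionid=abc123; Path=/; HttpOnly"),
    ("https://shop.example/login", "sessionid=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for url, header in SAMPLES:
        name, findings = audit_cookie(url, header)
        print(url, name, "->", findings or "ok")
```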
If your cybersecurity needs an update to prevent cookie theft, call Internal Computer Services at 804-672-1057 and speak to an expert who can help personalize a plan that works for you and your business. We’ve had over 30 years of experience working with companies large and small across the northeast, and we can make sure that your business has all the safety precautions necessary.