Security News > 2024 > February > PayPal files patent for new method to detect stolen cookies
"The theft of cookies is a sophisticated form of cyberattack, where an attacker steals or copies cookies from a victim's computer onto the attacker's web browser," PayPal says in the patent application.
"With stolen cookies often containing hashed passwords, the attacker can use a web browser on the attacker's computer to impersonate the user and gain access to secure information associated with the user's account without having to manually login or provide authentication credentials," it is further explained.
"A cookie value for each storage location is retrieved from the device. For each storage location after the firs: an expected cookie value is calculated based on the cookie value of a preceding storage location," reads the abstract of the patent application.
PayPal's patent describes a method that aims to defend against cyberattacks by ensuring that cookies are used legitimately during the authentication process.
The electronic payments giant filed the patent titled "Super-Cookie Identification for Stolen Cookie Detection" in July 2022, and it was published by the United States Patent and Trademark Office earlier this month.
As with all patents, there's no guarantee that the tech described in the document will reach consumer portals, in that form or another, but it shows that stolen web cookies for unauthorized logins are enough of a problem to deserve new protection mechanisms.