Cookiejacking is a form of hacking wherein a hacker can gain access to session cookies of an Internet Explorer user. Discovered by Rosario Valotta, an Internet security researcher, the exploit allows a hacker to obtain a cookie from any site and thus a username and password by tricking a user into dragging an object across the screen. Although Microsoft deemed the flaw low-risk because of "the level of required user interaction", and the necessity of having a user already logged into the website whose cookie is stolen, Valotta was able to use a social engineering attack to obtain, in three days, the cookies of 80 Facebook users out of his 150 friends.
- Finkle, Jim (2011-05-25). "Microsoft latest security risk: 'Cookiejacking'". Reuters. Retrieved 26 May 2011.
- Whitney, Lance (2011-05-26). "Security researcher finds 'cookiejacking' risk in IE". CNET. Retrieved 26 May 2011.