Cookiejacking is a form of hacking wherein an attacker can gain access to the session cookies of an Internet Explorer user. Discovered by Rosario Valotta, an Internet security researcher, the exploit allows an attacker to obtain a cookie from any site, and thus a username and password, by tricking a user into dragging an object across the screen. Although Microsoft deemed the flaw low-risk because of "the level of required user interaction" and the necessity of having a user already logged into the website whose cookie is stolen, Valotta was able to use a social engineering attack to obtain, in three days, the cookies of 80 Facebook users out of his 150 friends.