Internet Explorer was found to have a flaw that allows hackers to steal cookies to access their accounts on some websites. The bug was found by a security researcher Rosario Valotta who said it could let hackers steal credentials to access FaceBook, Twitter and other websites.
"Any website. Any cookie. Limit is just your imagination," said Valotta, an independent Internet security researcher based in Italy.
Hackers can exploit the flaw to access a data file stored inside the browser known as a "cookie," which holds the login name and password to a web account, Valotta said via email
As a perpetrator access the cookie they can use it to access the same site concludes Valotta who dubs the technique as "cookiejacking."
The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.
To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC's screen before the cookie can be hijacked.
While it may sound like a difficult task, Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to "undress" a photo of an attractive woman.
"I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server," he said. "And I've only got 150 friends."