For weeks, Bob Diachenko has been trying to convince a cloud provider to intervene and take down a malware group's server that was leaking hundreds of thousands of stolen passwords and millions of authentication cookies. The data was leaked via an Elasticsearch server left exposed online without a password. This Elasticsearch server is believed to be one of the data lakes where crooks were aggregating their stolen information.

Raccoon (RaccoonStealer) is a fairly typical Malware-as-a-Service, where for $75-$200 per month you get access to the toolkit to generate malware payloads and a backend website to administer your campaign from. It is designed to steal login credentials, credit card information, cryptocurrency wallets, and browser information.

In the leaked data, we found credentials and cookies for email accounts, social media profiles, work applications, and even government portals. Of all the data collected on the server, the most prevalent were authentication cookies, collected in the millions, rather than passwords, which numbered only in the hundreds of thousands. "Auth cookies" allow intruders to access victim accounts without needing to authenticate using usernames and passwords, and even to bypass any two-step verification process that victims might have had in place.

While Diachenko has been fighting for weeks with poor success to get the cloud provider to intervene and take down this malware gang's data, this server ... mysteriously disappeared.
https://therecord.media/malware-group-leaks-millions-of-stolen-authentication-cookies/