NordVPN has added hijacked-session alerts to its Threat Protection Pro package, aimed at protecting user data from being sold on the dark web.
From our testing, we rank NordVPN to be the best VPN overall, and its additional cybersecurity features are one of the reasons we rate it so highly.
Threat Protection Pro protect users from threats by blocking ads, trackers, malware, and phishing domains. It has been rated as the best VPN malware protection, and the new hijacked-session feature will alert users if their current browsing session is compromised.
NordVPN says this "rapid response" will help prevent identity theft and financial fraud before "significant damage occurs."
How do hijacked-session alerts work?
In its blog post, NordVPN says the hijacked-session feature "constantly checks and alerts users when their login session cookies come up for sale on the dark web."
If compromised, you will receive an immediate notification, enabling a quick response.
Cookies can contain information relating to your login information, such as email addresses and passwords, and hackers can utilise various malicious techniques to get hold of them.
Threat Protection Pro monitors your authentication cookies, privately and anonymously, during browsing sessions on popular websites.
Whether or not the browser uses an authentication cookie is then checked. The cookie is "hashed" and scanned against known threats and existing compromised hashes. If a match is found on the user's device, a warning notification is sent and users are advised to log out, and change the passwords, of all compromised accounts.
NordVPN says "full session cookie information never leaves the user's device" and this is done to protect privacy.
However, the monitoring of cookies does raise some questions. How do users, and their browsing activity, remain private? And how does this feature work alongside NordVPN's strict and verified no-logs policy?
Tom's Guide has reached out to NordVPN for clarification.
NordStellar threat intelligence powers the feature through continuous dark web monitoring. NordVPN says it "maintains a database of 130 billion cookies from the darknet for reference scanning."
The provider continued by saying that leaked cookies are detected "without requiring sensitive user information like email addresses or passwords."
"Session hijacking is one of the most dangerous threats that internet users face today because it bypasses two-factor authentication protection," said Domininkas Virbickas, NordVPN Product Director.
"For example, users can log into a well-secured website like a social media platform, pass 2FA verification, but have their session cookie stolen. These cookies often remain valid for 30 days, giving hackers more than enough time to use accounts and cause significant damage."
What to do if you receive a notification
If you do receive a notification saying your session has been hijacked, the first – and most crucial – step is to change the password and login details of the account in question.
Threat Protection Pro will provide you with a guided response plan. It offers step-by-step information on how to deal with a data breach, mitigate its risks, and take action.
You should also monitor your bank account and any other sites and platforms containing sensitive or valuable information. Report any suspicious activity and secure these accounts if you feel you need to.
We recommend enabling two-factor authentication (2FA) on all accounts, especially those containing sensitive information. 2FA provides an extra layer of security and, once enabled, you'll often receive a text message to confirm an account log in.
Hackers can use a session cookie to bypass these checks, but they're still an important factor in maintaining good cybersecurity practices. Using one of the best password managers can also help you generate and store secure and complex passwords.
"Users need to act fast and immediately change passwords on the affected website and log out from all devices when they receive an alert," said Virbickas.
"Speed remains essential because malicious actors work quickly to exploit stolen credentials before victims can respond."
How to enable hijacked session alerts
To enable hijacked session alerts, you must do the following:
- Open your NordVPN app
- Select Threat Protection Pro tab on the left hand side
- Click Advanced browsing protection (turn it on if you need to)
- Toggle Hijacked session alert on/off
Threat Protection Pro is included on all NordVPN plans from NordVPN Plus and above.
A two-year NordVPN Plus plan works out at $3.99 per month ($107.73 up front pre-tax). It comes with an additional three months of free protection and a 30-day money-back guarantee so you can try it out risk free.
You'll also get your hands on the NordPass password manager. This joins core VPN features such as 900+ Mbps speeds, protection for 10 devices, and Double VPN.
Follow Tom's Guide on Google News, or add us as a preferred source, to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
