PayPal has submitted a patent application for a new method to detect when a “super-cookie” is stolen, aiming to enhance cookie-based verification and reduce account takeover incidents.
PayPal aims to mitigate the danger of hackers obtaining cookies that contain authentication tokens, which they use to gain unauthorized access to victim accounts and evade two-factor authentication (2FA).
PayPal describes cookie theft as a complex cyberattack in which an attacker takes or duplicates cookies from a victim’s computer and loads them into their own web browser.
The attacker can use stolen cookies, which may include hashed passwords, to impersonate the user or authenticated device using a web browser on the attacker’s computer. This allows the attacker to access secure information linked to the user’s account without the need to log in or provide authentication credentials.