Tactic

Session Hijacking

Also known as: Session theft, Cookie hijacking

Session hijacking is the takeover of an authenticated session by stealing and reusing its session token or cookie. Because the session is already authenticated, attackers can bypass passwords and multi-factor authentication entirely — a key reason infostealer-stolen cookies are so valuable.

What is session hijacking?

When a user logs in, the service issues a session token (often stored as a browser cookie) that keeps them authenticated. Session hijacking is the theft and reuse of that token: an attacker who imports a valid session cookie into their own browser is treated as the logged-in user — no password or MFA required.

How infostealers enable session hijacking

Infostealers export browser cookies wholesale, including active session cookies. These are then sold within stealer logs. As long as a stolen session remains valid, it can be replayed, which is why session hijacking via stolen cookies is one of the most effective MFA-bypass techniques in use today.

Defending against session hijacking

Mitigations include short session lifetimes, binding sessions to device or network signals, prompting re-authentication for sensitive actions, monitoring for anomalous session use, and revoking sessions immediately when compromise is suspected.
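As an added illustration of those mitigations (example code written for this entry, not VantaPrism's product or any library's API), the following in-memory session store enforces a short absolute and idle lifetime, binds each session to a coarse device/network fingerprint, demands step-up re-authentication for sensitive actions, and revokes a session the moment its cookie is presented from a different context. The lifetime values, the fingerprint recipe (User-Agent plus the client's /24) and all function names are assumptions chosen for the example.

```python
"""Server-side session handling that applies the mitigations listed above.

Constructed example. Policy numbers and the fingerprint recipe are assumptions;
a real deployment would tune them to its own risk tolerance.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

ABSOLUTE_LIFETIME = 8 * 3600   # assumption: a session never outlives 8 hours
IDLE_TIMEOUT = 15 * 60         # assumption: 15 minutes without a request ends it
STEP_UP_WINDOW = 5 * 60        # assumption: sensitive actions need auth in the last 5 min


def context_fingerprint(user_agent: str, client_ip: str) -> str:
    """Bind a session to coarse device/network signals.

    Assumed recipe: the User-Agent string and the first three octets of the
    client IPv4 address, so ordinary DHCP churn inside one network does not
    log the user out but a replay from elsewhere is detected.
    """
    network = ".".join(client_ip.split(".")[:3])
    return hashlib.sha256(f"{user_agent}|{network}".encode()).hexdigest()


@dataclass
class Session:
    user: str
    fingerprint: str
    created: float
    last_seen: float
    last_auth: float
    revoked: bool = False


class SessionStore:
    def __init__(self) -> None:
        # Keyed by sha256(token): a dump of this store is not a dump of live cookies.
        self._sessions: dict[str, Session] = {}
        self.alerts: list[str] = []          # anomalies worth forwarding to monitoring

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user: str, user_agent: str, client_ip: str, now: float = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 bits of entropy for the cookie value
        self._sessions[self._key(token)] = Session(
            user, context_fingerprint(user_agent, client_ip), now, now, now)
        return token

    def reauthenticate(self, token: str, now: float = None) -> None:
        """Record a fresh password/MFA check so sensitive actions are allowed again."""
        now = time.time() if now is None else now
        s = self._sessions.get(self._key(token))
        if s is not None and not s.revoked:
            s.last_auth = now

    def revoke_user_sessions(self, user: str, reason: str) -> int:
        """Kill every session of a user, e.g. when their cookies turn up in a stealer log."""
        hit = [s for s in self._sessions.values() if s.user == user and not s.revoked]
        for s in hit:
            s.revoked = True
        self.alerts.append(f"revoked {len(hit)} session(s) for {user}: {reason}")
        return len(hit)

    def validate(self, token: str, user_agent: str, client_ip: str,
                 sensitive: bool = False, now: float = None):
        """Return (user, "ok") for an acceptable request, else (None, reason)."""
        now = time.time() if now is None else now
        s = self._sessions.get(self._key(token))
        if s is None or s.revoked:
            return None, "unknown-or-revoked"
        if now - s.created > ABSOLUTE_LIFETIME or now - s.last_seen > IDLE_TIMEOUT:
            s.revoked = True
            return None, "expired"
        presented = context_fingerprint(user_agent, client_ip)
        if not hmac.compare_digest(presented, s.fingerprint):
            # Same cookie from a different device/network: treat as suspected
            # hijack, revoke immediately and surface it for investigation.
            s.revoked = True
            self.alerts.append(f"context mismatch for {s.user}; session revoked")
            return None, "context-mismatch"
        if sensitive and now - s.last_auth > STEP_UP_WINDOW:
            return None, "reauth-required"   # caller should trigger step-up auth
        s.last_seen = now
        return s.user, "ok"
```

The check order matters: expiry and context binding run before the step-up rule, so a replayed cookie is revoked rather than merely being asked to re-authenticate, and the revocation survives any later retry because only the token hash is ever looked up.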

How VantaPrism Tracks Session Hijacking

VantaPrism surfaces stolen session cookies found in infostealer logs, so security teams can force session revocation and re-authentication before a hijacked session is abused.


Frequently Asked Questions

Can session hijacking bypass MFA?

Yes. A stolen, valid session token represents an already-authenticated session, so replaying it skips both the password and the MFA step.

How do I protect against session hijacking?

Use short session lifetimes, bind sessions to device/network context, require re-authentication for sensitive actions, and revoke sessions when a device may be compromised.
Last reviewed: June 2026