
Hackers use cookies to locate a person’s login credentials, according to an FBI report obtained by CBS News.
In the report, the bureau said a hacker named “Kermit” made a number of fraudulent login attempts to the IKEAC website using the “KeePass” software.
The FBI said the hacker’s login attempts, which included multiple attempts to log into the IHE website, were made using a password that included an unencrypted string that was used to generate a “cookie.”
IKEA told CBS News the hack was not related to a data breach, but instead, “some people were accessing and downloading files from other people’s IKEAs.”
The FBI also said Kermit used a different, more sophisticated method to find the login credentials for a number that did not belong to him.
The hacker also used the same technique to identify the device that was connected to the router, according the report.
The FBI noted that the IWEA website had been compromised twice in the past, and that Kermit made “multiple attempts to use the compromised IKEa login page in a different and unrelated attempt.”
The report says Kermit “has demonstrated that he can access, modify, and change data stored on the website.”
Kerimat also made several attempts to delete a number he was able to identify as his own password, but the FBI said that the number had not been deleted.
The report said the FBI has been unable to determine the extent of Kermit’s hacking capabilities, or the nature of his motivation for doing so.
CBS News’ Alexi Deardon contributed to this report.