# Protecting against exposed cookies

If you received an email about an exposed session cookie, Stripe detected that a cookie used to access your account was compromised. To protect your account, we invalidate the cookie and sign you out of all affected sessions.
This type of exposure typically happens due to malware or viruses on your device that can capture browsing data, including session cookies.
### What are session cookies?
Cookies are small pieces of data that websites place on your device when you visit them. Session cookies are a specific type of temporary cookie that:
* Are created when you log into a website
* Act as a digital access key to keep you authenticated
* Allow you to navigate between pages without having to log in repeatedly
* Contain sensitive authentication information and allow you to authenticate to the Stripe Dashboard
## Recommended actions
### **Scan for malware and viruses**
* **Windows users**: Run a full system scan using Windows Defender or another trusted antivirus program.
* **Mac users**: Use built-in security features or trusted security software. Make sure your device is up to date.
* **Mobile users**: Scan your device with a reputable security app.
### **Check your account for unauthorized activity**
* Review any recent account activity in your Stripe Dashboard
* Look for any transactions, settings changes, or API requests you don't recognize
* Check connected applications and API keys
### **If I received this email, does this mean my account has been compromised?**
Not necessarily. We proactively monitor for exposed session cookies and take preventive measures when we detect potential risks. By invalidating the exposed cookie and logging you out, we've helped prevent unauthorized access to your account. We recommend checking your account for any suspicious activity.
### **How do session cookies get exposed?**
Session cookies can be exposed through:
* **Malware or viruses** that monitor your browsing activity
* **Man-in-the-middle attacks** where someone intercepts your connection
* **Cross-site scripting attacks** that steal cookie information
### **Does this affect my ability to process payments?**
No. This security measure only affects your login sessions. Your ability to process payments remains unaffected.
### **What steps should I take to prevent this in the future?**
To enhance your security:
* Keep your devices free from malware by running regular scans
* Update your operating system and browsers to the latest versions
* Use trusted networks or a VPN when accessing sensitive accounts
### How did Stripe detect potential malware on my device?
Stripe doesn't directly scan or probe your devices for malware. Similar to how companies detect compromised passwords, we work with security partners who monitor for exposed session cookies that appear in known data breaches.
When your session cookie appears in these monitored datasets, we're automatically notified that it may have been compromised, likely through malware on a device. This detection happens through external security monitoring, not by analyzing your actual device.
### **How do I know if my device has malware?**
Signs that your device might have malware include:
* Unusually slow performance
* Unexpected pop-ups or advertisements
* Programs starting or closing automatically
* Changes to your browser's homepage or search engine
* Mysterious new browser toolbars or extensions
* Unusual network activity or data usage
### **Should I be concerned about my other online accounts?**
We recommend reviewing security on all your important accounts when you've experienced a security incident. Consider changing passwords and enabling two-factor authentication on critical accounts, especially if you use the same device to access them.