diff --git a/daemon/cookie.cc b/daemon/cookie.cc
index d6d87ea9e9..72ab02c36b 100644
--- a/daemon/cookie.cc
+++ b/daemon/cookie.cc
@@ -68,7 +68,7 @@ nlohmann::json Cookie::toJSON() const {
     ret["ewouldblock"] = ewouldblock;
     ret["aiostat"] = to_string(cb::engine_errc(aiostat));
     ret["refcount"] = uint32_t(refcount);
-    ret["engine_storage"] = cb::to_hex(uint64_t(engine_storage));
+    ret["engine_storage"] = cb::to_hex(uint64_t(engine_storage.load()));
     return ret;
 }
 
diff --git a/daemon/cookie.h b/daemon/cookie.h
index 559564697e..0392f230f6 100644
--- a/daemon/cookie.h
+++ b/daemon/cookie.h
@@ -687,8 +687,10 @@ class Cookie : public CookieIface {
      * Pointer to engine-specific data which the engine has requested the server
      * to persist for the life of the connection.
      * See SERVER_COOKIE_API::{get,store}_engine_specific()
+     * Atomic so it can safely be read / updated from engine background threads
+     * in addition to front-end threads.
      */
-    void* engine_storage{nullptr};
+    std::atomic<void*> engine_storage{nullptr};
 
     /**
      * Log a preformatted response text
diff --git a/programs/engine_testapp/mock_cookie.h b/programs/engine_testapp/mock_cookie.h
index 0890d1dfd6..85f7e23017 100644
--- a/programs/engine_testapp/mock_cookie.h
+++ b/programs/engine_testapp/mock_cookie.h
@@ -144,7 +144,7 @@ class MockCookie : public CookieIface {
 protected:
     static CheckPrivilegeFunction checkPrivilegeFunction;
 
-    void* engine_data{nullptr};
+    std::atomic<void*> engine_data{nullptr};
     uint32_t sfd{};
     bool handle_ewouldblock{true};
     bool handle_mutation_extras{true};