Is there anything we can do to protect ourselves with these account breaches?

[Malex]

Can you help me understand how it work?

Do they steal your cookies while we are logged in and able to re-use that cookies on somewhere else to login? I thought once you logged in the cookies is created and they took it? even if u are in incognito mode or clear ur cookies once you done browsing?

When you log in and check the "remember me" box a cookie/cookies will be created and stored on your pc, whenever you visit nulled again the cookies will be read and you will be automatically logged in.

My guess is that people have used cookiegrabbers to grab your cookies including your nulled cookies and used those cookies to get nulled to autologin to that user, clearing your cookies OR not checking the "remember me" box will probably be enough.

Please Login or Register to see this Hidden Content

[Pr1m3v1L]

It'll be good if we can implement some form of device activity tracking to track the devices that are logged into our accounts. This way we can keep track of our logins

 

For an interim measures, I'll suggest that we use a separate browser for links?

Example:

Assuming you use Chrome for Nulled, when you see an external link and you wish to view it, use another browser (Firefox, Opera etc) to view the link. It's a hassle but it grants us more security.

[TheresaMay]

 Yes, The exploit is well known I even have contacts who say they can do such a thing. If wanted I could try to report the method to finn. I think its just an exe or link that copies them to a remote DB then from that they can edit it in.

Edited by TheresaMay, 22 February 2019 - 04:25 AM.

[NewLurker]

It'll be good if we can implement some form of device activity tracking to track the devices that are logged into our accounts. This way we can keep track of our logins

 

For an interim measures, I'll suggest that we use a separate browser for links?

Example:

Assuming you use Chrome for Nulled, when you see an external link and you wish to view it, use another browser (Firefox, Opera etc) to view the link. It's a hassle but it grants us more security.

yeah this will work, at least help in some way,

 

Use tor browser for tumble your real ip too

[worlockt]

isn't another good solution, as nulled system detect change in IP, send an authorization email on user email id.

this can avoid account missuse even somebody got your login details or fu*king cookies ..

[NewLurker]

isn't another good solution, as nulled system detect change in IP, send an authorization email on user email id.

this can avoid account missuse even somebody got your login details or fu*king cookies ..

Brother, I'm not exactly sure if nulled let 2 computer log in at the same time, the cookies might let them in regardless IP ? I faced one with the real owner logged while hacker logged in as well..... so I guess your solution might work if the hacker is using cookies and remotely login from a different spot but still able to spoof the ip close to the owner real ip geo so... 

https://www.nulled.t...ner-are-online/

[worlockt]

Many security agencies implement this function.

For eg. you must notices in gmail. You access from another machine even for same IP, you get notification ( atleast )

I think by implement simple detect ( IP and machine ) and send authorization email many user will be save missuse.

And once user get info that something is leaking, they can restore their machine for better security.