Can you help me understand how it work?
Do they steal your cookies while we are logged in and able to re-use that cookies on somewhere else to login? I thought once you logged in the cookies is created and they took it? even if u are in incognito mode or clear ur cookies once you done browsing?
When you log in and check the "remember me" box a cookie/cookies will be created and stored on your pc, whenever you visit nulled again the cookies will be read and you will be automatically logged in.
My guess is that people have used cookiegrabbers to grab your cookies including your nulled cookies and used those cookies to get nulled to autologin to that user, clearing your cookies OR not checking the "remember me" box will probably be enough.