Ok it seems there is a new session stealer type scam. Somebody will add you on messenger and make up some story eg, worked out a new program to do something on Habbo. They will say go to the Habbo homepage while your logged in and type in the Url ' javascript:alert(document.cookie);'.

You will then get a pop-up and they will say 'tell me the code after JSESSIONID' if you tell them the code they will put it into a separate code on there URL which will then log them into your account so they can do what they want on it

Be warned OK? ;)

Thanks for the info :)

Good find :)

Yeah ive seen this before. Although i have read it only logs them into your homepage - if it is true they cannot do much.

Good find though ;)

This is old..
well maybe new to this forum. but yeah..

It lets you steal their homepage thing.. but its useless if you have been online for more then 10 minutes because it will say that you timed out.. and the person would need your password to get in..

Thanks for the info!

Good find :]

Habbo.co.uk/client
When u go there (its actual hotel) it says in the link
https://www.habbo.co.uk/account/login?service=%2Fsecurity_check%3Bjsessionid%htg8h 7486f74gh65df47g65 it says jessionid

Ok it seems there is a new session stealer type scam. Somebody will add you on messenger and make up some story eg, worked out a new program to do something on Habbo. They will say go to the Habbo homepage while your logged in and type in the Url ' javascript:alert(document.cookie);'.

You will then get a pop-up and they will say 'tell me the code after JSESSIONID' if you tell them the code they will put it into a separate code on there URL which will then log them into your account so they can do what they want on it

Be warned OK? ;)

Well done for telling everyone how to steal someones session remove the URL so people don't know it as long as people dont give away their session id they are fine.

Habbo.co.uk/client
When u go there (its actual hotel) it says in the link
https://www.habbo.co.uk/account/login?service=%2Fsecurity_check%3Bjsessionid%htg8h 7486f74gh65df47g65 it says jessionid Thats just the login jsessionid Im pretty sure that it is the same for everyone but I may be wrong, however it is harmless as it is only leading to a non-logged in account. But when you are logged in your jsessionid changes and you can use programmes to edit your cookies to that (will not name the programmes and addons for safety reasons)


Well done for telling everyone how to steal someones session remove the URL so people don't know it as long as people dont give away their session id they are fine.

Read above..

Thanks for the info.

Good find, dont know how somone would fall for that though, like why do all that just because the person said so.

Well done for telling everyone how to steal someones session remove the URL so people don't know it as long as people dont give away their session id they are fine.

Urm dude, read it you ****. That's what they get told to put in, I told them it so they knew about it. I didn't say the other bit which the person preying on the victim puts in, oh and so you know, you can't do anything with out it :rolleyes:

You would have to be blonde to accept a site or download from somone you don't know.

I second that :P

Thanks for the information :)