WARNING: Javascript Hacking Via Links

[Breeze]

People are using a new method which was a spin off to the last huge issue about "ClickJacking" in which an email address is leached to the victims Habbo ID. They use a website (won't name it) in which there's a tutorial on how to do it and all it takes is an account on this website and a small amount of know-how and boom you've got a Javascipt hacking method. Do not click any bit.ly or any other links which look dodgey or unsafe. I thought I'd warn some of you before someone maks a horrible mistake. Here's a screen shot of what some guy gained from it:



If a site ADMIN wants proof that this is legit and I am not causing a huge stir for attention I will gladly PM them 100% video proof that it works as someone posted a tutorial on youtube.

Hope I bailed someone out of making a big mistake, Breeze

[Samantha]

Ooh maybe this is what hacked Normies, well all avatars on an id but luckily Normies was on another.

[Chippiewill]

I don't believe this is a new exploit but it's certainly not a nice one either.

I would personally never click a link in the client and it's beyond me as to why they added that feature.

[MKR&*42]

I don't click links in-client anyway ;L. I'm too scared to find out what the YouTube ones are, the bit.ly ones probs lead to *REMOVED* (not sure if I can name that aha - DON'T GOOGLE THAT SITE IF YOU DON'T KNOW WHAT IT IS) or some of that rubbish and the rest are just useless for me ._.

But yea, thx for warningx

Edited by SyrupyMonkey (Asssistant General Manager (Staff)): Please do not mention inappropriate sites.

[Empired]

I don't click links because they lag me so very badly.. But I guess I can thank my lag in this case ^_^

Thanks for the warning, I think I've something something along those lines before, though

[Succubus]

I don't click links unless there a site I know and fully trust.
Thanks for the warningthough!

[FiftyCal]

I believe you breeze because thats how i get fake virus protection is through javascript via links

[vito201-:D]

Sulake have locked up Habbo pretty damn effectively now - it means only small exploits like this can ever be found now-a-days... gone is the time when we'd find an exploit that allowed gain of hijacking the client.windows etc...
You basically actually have to fall for some sort of scam now... so if you just don't follow links you don't trust in regards to Habbo (So if anyone involved in Habbo sends you a link - make sure you know what it is/why they sent it before following it).

Simple.

Not like when you could use the client windowID to refresh into our own login version and then send the credentials back to the real client upon entry... so that the user barely knew anything was up... meant if you hacked a fansite you could expect hundreds of furni-hacks per day.
Good times, good times... but far, far, far away now... and replaced with this clickjacking method to add a secondary email to an Habbo account's ID.

[Breeze]

Sulake have locked up Habbo pretty damn effectively now - it means only small exploits like this can ever be found now-a-days... gone is the time when we'd find an exploit that allowed gain of hijacking the client.windows etc...
You basically actually have to fall for some sort of scam now... so if you just don't follow links you don't trust in regards to Habbo (So if anyone involved in Habbo sends you a link - make sure you know what it is/why they sent it before following it).

Simple.

Not like when you could use the client windowID to refresh into our own login version and then send the credentials back to the real client upon entry... so that the user barely knew anything was up... meant if you hacked a fansite you could expect hundreds of furni-hacks per day.
Good times, good times... but far, far, far away now... and replaced with this clickjacking method to add a secondary email to an Habbo account's ID.

Alex you've not changed a bit man! I agree with you however the good times are long gone.

[twinart]

Thanks for the advice. I'll take care.