An-Untitled-Developer
commented
1 year ago The only thing that's not a token stealer is the plushack.js
Closed An-Untitled-Developer closed 6 months ago
An-Untitled-Developer
commented
1 year ago The only thing that's not a token stealer is the plushack.js
JSic123
commented
1 year ago YES @An-Untitled-Developer is completely right! Explanation: I used this, and it is most definitely a token stealer. It didn't work, and the console errors starting flooding, hundreds by the second. I then saw this, and realized what happened. As quickly as possible, I changed my password and email, and verified that email. However, when I tried to change my email, it logged me out and when I tried to log back in again, it said there was no account associated with that email. After a minute of trying whatever I could, using my username instead of my email worked. I then changed my email, verified it, and changed the password another two times. I'm not sure if it can still log the tokens up to date (like it logs every time I use duolingo), but I hope I'm good. I tried researching this but, as expected, no one actually tries to steal duolingo tokens, so nothing useful came up. However, I know changing your password changes the token, so I hope I fixed it.
pmzxyx
commented
11 months ago i deleted my account cus i was testing it. i also gave ita random password.
Slept66
commented
10 months ago 
colleirose
commented
8 months ago I don't understand why people fall for this. It's also such a ridiculous scam to run, you get absolutely nothing from Duolingo accounts.
rxzyx
commented
6 months ago lol what?? no evidence
rxzyx
commented
6 months ago In fact, I dare you to send me proof, under Allah I promise to post it and apologize for said accusation if you give me proof and it's actually correct, send it to me on my Twitter. I'd like ANY suitable proof, like an HTTP(S) dump showcasing such a thing, or a log that shows this (with evidence it's from one of my codes), or the de-obfuscated code to prove such 'stealer' activities. This only utilizes Duolingo's in-built functions and nothing else, no other external thing.
I'd also like to note that 'errors' come from UI changes within Duolingo, so fetching web hook functions have changed, it's really not that hard to figure out.
I don't know if you're just a Russophobe or a troll but what a dumb accusation.
Glory to stupidity I guess.
Slept66
commented
6 months ago How I have been using rxzyx's hacks for years now. I trust his hacks.
Yup it's a stealer. In networking (on a dummy account) it sent the account token.actv to some webhook. It's not a discord webhook but it's a localhostSender webhook.