Olx account hacked

deletePublishedOlx.js

/**
 * After my bro's olx account was hacked and I had no way to log the hacker out even after i gained access back into the account and changed my password
 * Any user already logged in before the password change still had access as long as he didnt logout.
 * I reached out to olx but didnt get any response, so wrote a quick snippet to delete all the hackers Scam publication every 2hrs.
 * atleast until the `logout every user` feature is implemented on the app.
 */


const fightThePublishers = () => {
  const params = {
    credentials: 'include',
    referrerPolicy: 'no-referrer-when-downgrade',
    mode: 'cors',
  }

  fetch('https://www.olx.com.ng/api/users/USERID/items', params)
    .then((res) => res.json()).then((resp) => {
      const myItems = resp.data.map(({ id }) => id)
      myItems.forEach((myItem) => {
        fetch(`https://www.olx.com.ng/api/items/${myItem}?reason=close`,
          { ...params,
            body: '{"reason":"close"}',
            method: 'DELETE',
          })
      })
    }
    )

  fetch('https://www.olx.com.ng/api/users/USERID',
    { ...params,
      body: '{"data":{"name":"SCAM, HACKED ACCOUNT","about":""}}',
      method: 'PATCH',
    })
}


let timer = setInterval(fightThePublishers, 60 * 60 * 1000 * 2)



#!/bin/bash
# I used this bash script to change his name to 'SCAM SCAM SCAM...' every hour 
# because i didnt want to keep my browser running 
fightThePublishers () {
    while true; do
       curl 'https://www.olx.com.ng/api/users/USERID' -X PATCH -H 'origin: https://www.olx.com.ng' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://www.olx.com.ng/editProfile' -H 'authority: www.olx.com.ng' -H 'cookie: YOUR ACCOUNT COOKIE' --data-binary '{"data":{"name":"SCAM SCAM SCAM SCAM HACKED","about":""}}' --compressed
        ;sleep 3600
        done
}

Hui