15.12.2015 - Basically, they "reroute" your login token to their servers first, so therefore, they could be able to use it. In other words, they can steal your .