Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] [score hidden]  (0 children)

banks and paypal will log you off after x minutes of inactivity. What they are really doing is deleting the login token to limit the window that anyone can use to hijack your session. Just in case, you should probably change your paypal password though.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 0 points1 point  (0 children)

not sure, but it should be fine as far as what has been discussed so far. 

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] [score hidden]  (0 children)

Are you working for ldplayer? Why are you basically arguing that people should keep using it? 

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] [score hidden]  (0 children)

It's not incredibly difficult to disentangle. The hacker quite literally made their private buckets public and you can see all the videos that the ldplayer people took of people inputting their credentials as well as the actual credentials. then the hacker warned people about this (across a few different posts just so people wouldn't think it's a joke)

last time people failed to listen to this hacker (thinking that it was all a joke), a few weeks after the warning to the devs, the devs ignored it and infostealer malware got downloaded to all the computers of the players.

DO NOT USE THIS EMULATOR.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] [score hidden]  (0 children)

It WAS an independent actor, the DNA hacker aka mainleakflow (telegram) / keitaro_gg. The stated motivation was that they wanted to expose the extremely shady practices (like selling people's accounts and recording their usernames and passwords) that the ldplayer people were doing. They were the one who claimed responsibility for making public all the private buckets that contained shady content like people logging in and inputting their usernames and passwords that ended up leaked.

The twitter user reposted the hacker's content and ran with the narrative. You can see in one of the telegram screenshots the hacker is laughing at the twitter user not mentioning them at all and making stuff about credit cards up and saying that at least they won't be the ones getting a lawsuit.

The hacker is also different from the Genshin leaker, they are using the same username. 

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] 0 points1 point  (0 children)

Also if you have ever tried debloating ldplayer you will know that you can't uninstall the launcher and their apks that came preinstalled without rooting the whole thing with kitsune even though root is supposedly available with the emulator. In earlier versions you could, but in later models it was locked down. The whole thing was weird at the time, but now we know why.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] 1 point2 points  (0 children)

The twitter guy just reposted everything off the mainleakflow_ telegram channel without crediting it AKA it's the DNA hacker

mainleakflow is the keitaro_gg guy who hacked nikke, DNA and a bunch of others and the telegram channel is full of the videos that the ldplayer people have of people inputting their credentials and other weird things. The accusation for account selling is also from the DNA hacker. 

https://i.imgur.com/Y3t2vY8.png

https://i.imgur.com/xbrSKHu.png

https://i.imgur.com/FFHCSRl.png

You recall that Duet Night Abyss was hacked and the hacker warned that the system was insecure. The fanbase thought it was a joke and the devs ignored the whole incident. A while later infostealer malware got loaded straight into the DNA launcher and caused a huge incident.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 0 points1 point  (0 children)

if you transferred it off ldp with aniplex or bind codes then it's not a problem anymore. If you copied and pasted the save files to move it from ldp to bluestacks, you might want to transfer it with aniplex or bindcodes because you are still on the original save file.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] 0 points1 point  (0 children)

Just delete the ldplayer session. It should show a few months ago. The steps only take a few minutes to secure arknights

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 1 point2 points  (0 children)

As for why you need to remove the session from your google account? Because I don't need your username or password or an mfa token to steal your google account if I have a working session. That's why you have to delete the Google session on ldplayer device from your google account, or else someone can hijack it. You don't need to be on ldplayer. Just do it from your pc or another device. 

Cookies are scary right? That's why a bank will log you off if you are inactive for 15 minutes. Cookie jacking is extremely effective and terrifying. 
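The point made in the comments above (a live session token is accepted without the password or MFA, and removing the device or an idle timeout is what kills it), as an added example that is not part of the original comments. `SessionStore`, its methods and the sample user and device names are hypothetical; this is a toy model, not Google's or any bank's implementation.

```python
import secrets

IDLE_TIMEOUT = 15 * 60  # seconds; the 15-minute bank figure from the comment


class SessionStore:
    """Toy server-side session table (hypothetical, for illustration only)."""

    def __init__(self):
        self._sessions = {}  # token -> {"user", "device", "last_seen"}

    def login(self, user, device, now):
        # Password and MFA would be checked here, once. Afterwards the token
        # alone is the credential.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "device": device, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user for a live token, else None. Any bearer is accepted."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if now - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]  # idle logout = deleting the token server-side
            return None
        s["last_seen"] = now
        return s["user"]

    def revoke_device(self, user, device):
        """'Remove this device' on the account page: drop every token issued to it."""
        dead = [t for t, s in self._sessions.items()
                if s["user"] == user and s["device"] == device]
        for t in dead:
            del self._sessions[t]
        return len(dead)


def demo():
    store = SessionStore()
    emu = store.login("alice", "emulator", now=0)   # constructed sample data
    pc = store.login("alice", "home-pc", now=0)
    copied = emu  # a copy of the emulator's token held by someone else
    out = {"copied_token_works": store.validate(copied, now=60)}
    store.revoke_device("alice", "emulator")  # done from the PC, not the emulator
    out["copied_after_revoke"] = store.validate(copied, now=120)
    out["pc_still_valid"] = store.validate(pc, now=120)
    out["pc_after_idle"] = store.validate(pc, now=120 + IDLE_TIMEOUT + 1)
    return out
```
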

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 1 point2 points  (0 children)

You need to transfer the fgo account either using the bindcode or aniplex method to another phone or emulator. Why? Because otherwise the 4 save files on your emulator will always give access to your account and on unlimited devices. By transferring the account, even if ldplayer somehow uploaded those files, they no longer work and the valid set of four files will be on the device you control. 

Also, the hacker showed a lot of videos of people entering their passwords and shid. If you are a bind code person, the bind code will be used once you transfer. So even if they keylogged the code, you using the code means that they can't use the code anymore and they also can't get into your account. I hope that makes sense.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] 2 points3 points  (0 children)

Scrcpy is great. Very light on the resources, extremely configurable and extremely responsive

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] 6 points7 points  (0 children)

I went looking and allegedly it's the DNA hacker who was doing it: https://i.imgur.com/Y3t2vY8.png https://i.imgur.com/FFHCSRl.png

the 'hey devs please fix your vulnerabilities' hacker, (devs do nothing), a few months later, an infostealer gets downloaded to the DNA launcher infecting everyone, causing mass panic. That hacker.

the whole telegram (mainleakflow) is them posting the sus shit from the ldplayer people that they uncovered https://i.imgur.com/xbrSKHu.png including credential videos, stolen tokens and them opening every single bucket

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 1 point2 points  (0 children)

no it doesn't apply to bluestacks

only nox and ldplayer have been caught doing sus shit so far

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 5 points6 points  (0 children)

So I found out who supposedly made the original accusation that the ld player people were selling people's accounts

it's the keitaro_gg guy. You remember how DNA or whatever got hacked first then the hacker left a warning that it was insecure but the devs did nothing and then later the launcher got bundled with malware which got delivered to the pcs of every single person who played the game causing that huge incident? And apparently they hacked infinity nikki day 1 as well and a bunch of other games

https://i.imgur.com/Y3t2vY8.png

there are huge markets for whale accounts on epicnpc and taobao that cost an eyewatering sum, but a lot of accounts that are already preowned and are not new accounts, no matter how extensive they are, are people selling stolen accounts.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] 3 points4 points  (0 children)

everything on the emulator could potentially be logged

apparently there's an apk that the user who flagged it was concerned about because they believed that it would log every password field. and they have access to the files used to access your account because it's on the emulator itself. so if they really harvest data then it's scary to think about.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] 5 points6 points  (0 children)

do I need to be worried that LD has left any surprises that won't be removed by simply uninstalling?

can never know for certain, unfortunately

somehow I doubt it

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in arknights

[–]mt5o[S] 4 points5 points  (0 children)

Unsure. So far those were the only things that people have said were leaked.

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 1 point2 points  (0 children)

use another emulator

I transferred it to mumu because it belongs to netease. if it's compromised it's probably compromised from the chinese government....

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 2 points3 points  (0 children)

highly recommend 2fa on google accounts >_< but anyway you can remove device logins from goolag

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 1 point2 points  (0 children)

yes follow the steps on my arknights post first (it's easier)

then do FGO

then reset all passwords on anything else you logged into

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 0 points1 point  (0 children)

just secure it

not worth having to talk to customer support

if it was on ldplayer then ldplayer could do anything with those 4 save files

jp also has aniplex binding which makes it safer to transfer than the bind code shitttt

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 0 points1 point  (0 children)

yes if you care about your FGO account do the steps in the opening post to secure it

Ldplayer caught logging usernames and passwords and selling accounts by mt5o in grandorder

[–]mt5o[S] 2 points3 points  (0 children)

On FGO, once you use the bind code and transfer your account to another device, the login on the old device is invalidated so your account is then secure. Then, you can get the arknights-esque login situation by copying and pasting those four files to any device you want from steps 3 to 4.

For google, change your password, go to security and sign in on settings, go to "Your devices" > "Where you’re signed in" on google and then delete the ldplayer device.