Tools like evilnginx proxy the traffic, then grab the auth token / cookie after a successful login. From there you can send the session tokens to something like necrobrowser to automatically do whatever you want with the account. The whole hack can happen in seconds.