Dark Reading

Booking.com's OAuth Implementation Allows Full Account Takeover

Flaws in the authorization system of the Booking.com website could have allowed attackers to take over user accounts and gain full visibility into their personal or payment-card data, as well as log ...
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
Dark Reading

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

A vulnerability in the implementation of the Open Authorization (OAuth) standard that websites and applications use to connect to Facebook, Google, Apple, Twitter, and more could allow attackers to ...
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...
InfoWorld

Twitter OAuth feature can be abused to hijack accounts, researcher says

A feature in the Twitter API (application programming interface) can be abused by attackers to launch credible social engineering attacks that would give them a high chance of hijacking user accounts, ...