Dark Reading

Booking.com's OAuth Implementation Allows Full Account Takeover

Flaws in the authorization system of the Booking.com website could have allowed attackers to take over user accounts and gain full visibility into their personal or payment-card data, as well as log ...
The Next Web

Threadsy is first web based Email client to implement Gmail OAuth. No passwords needed! [Updated]

Update: This article originally stated that Threadsy was the first web app to implement Gmail OAuth which was incorrect. That title goes to Etacts. Thready was the first web based email client to ...
The Next Web

Calling all Twitter tool providers to implement OAuth

OAuth has rightly gained lots of popularity these days and even given the current session fixation issues, I’m a strong fan of the delegated access control it promotes and helps implementing. (For ...
Dark Reading

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

A vulnerability in the implementation of the Open Authorization (OAuth) standard that websites and applications use to connect to Facebook, Google, Apple, Twitter, and more could allow attackers to ...