"'Log in With...' Feature Allows Full Online Account Takeover for Millions"
"'Log in With...' Feature Allows Full Online Account Takeover for Millions"
Vulnerabilities in the implementation of the Open Authorization (OAuth) standard across three major online services may have exposed users to credential theft, financial fraud, and other cybercriminal activities. Researchers from Salt Labs discovered critical Application Programming Interface (API) misconfigurations on the websites of several online companies, including Grammarly, Vidio, and Bukalapak, which leads them to believe that dozens of other websites are likely compromised in the same way.