The Next Web

Twitter developers be aware of OAuth API changes!

We recently asked all Twitter third party app developers to get rid of asking for user credentials and kindly switch to delegated authentication based on the open OAuth protocol. Today we want to ...
Threat Post

Twitter OAuth API Keys Leaked

The OAuth keys and secrets that official Twitter applications use to access users’ Twitter accounts have been leaked in a post to Github this morning. The OAuth keys and secrets that official Twitter ...
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...
Wired

Developer Quits OAuth 2.0 Spec, Calls It 'a Bad Protocol'

After three years as lead author and editor of the OAuth 2.0 specification, Eran Hammer has stepped down from his role, withdrawn his name from the spec and even quit the OAuth working group ...
Infosecurity-magazine.com

Expo Framework API Flaw Reveals User Data in Online Services

A critical security flaw in the Expo framework has been discovered that could be exploited to reveal user data in various online services. The vulnerability (CVE-2023-28131) was discovered by Salt ...