Researchers took over Booking.com accounts using a legitimate Facebook link

4 points by aviCC 3 years ago · 1 comment · 1 min read

The vulnerability exists in OAuth (social sign-in), used by almost every website today. If you are unfamiliar with OAuth, the post (in the first comment) explains it step-by-step with detailed diagrams.