This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
10/26/2023
Salt Security Discovers Flaws in Social Login Mechanism Impacting 1000s of Websites and Exposing Billions of Users to Account Takeover
Cision PR Newswire
PALO ALTO, Calif., Oct. 24, 2023 /PRNewswire/ -- Salt Security, the leading API security company, today released new threat research from Salt Labs highlighting API security vulnerabilities uncovered in the social sign-in and Open Authentication (OAuth) implementations of multiple online companies, including Grammarly, Vidio, and Bukalapak. The flaws, which have since been remediated, could have allowed for credential leakage and enabled full account takeover (ATO). Salt Labs also reported that 1000s of other websites using social sign-in mechanisms are likely vulnerable to the same type of attack, putting billions of individuals around the globe at risk.
These findings mark the third and final research report in the Salt Labs OAuth hijacking series, following vulnerabilities uncovered in Booking.com and Expo earlier this year.
This latest research identified flaws in the access token verification step of the social sign-in process, part of the OAuth implementation on these websites. The vulnerabilities could have impacted nearly a billion user accounts across these three sites.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information