Uh-OAuth! - Breaking (and fixing) OAuth Implementations

Thu, 29 Jun 2023 @ 14:50:00

We dove into the world of OAuth (an open standard for authorization and authentication) and its various implementations. By applying advanced attack techniques, we managed to gain control of accounts on popular applications and websites – household brand names – each with more than 100 million users. At the end of the day, our research gave us (potential) access to one billion accounts.