API security vulnerabilities in open authentication (OAuth) were recently discovered by Salt Security. The flaws, which have since been remediated, could have allowed for credential leakage and enabled full account takeover (ATO).
Additionally, threat actors could have gained complete access to a user's accounts on dozens of websites, potentially allowing access to bank accounts, credit card details and other sensitive data.
The vulnerability also allowed cybercriminals to perform any action on behalf of that user, including identity theft and financial fraud.