ZDNet

Heroku fesses up to customer password theft due to OAuth token attack

Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. "[Our investigation] revealed that the ...
Threat Post

Facebook Patches OAuth Authentication Vulnerability

Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw ...

Salesloft says Drift customer data thefts linked to March GitHub account hack

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the ...
Digit

Twitter makes OAuth mandatory; tries out new link wrapping service

Starting August 31st, all Twitter applications now require the use of the OAuth ID to be able to access your Twitter account. Advantages of this move are ...