What never dies, spreads rampantly, and is guaranteed to bite you? You guessed it: Stolen access tokens! In recent weeks, we’ve seen a number of hacks around OAuth access tokens. As much as we’d like to blame the underlying technology, it’s more out of misuse and misunderstanding than anything else. No matter who it is, the outbreak is the same: A website uses OAuth with little to no granularity in scopes The website issues an...

Read more