OAuth Flaw Exposed Millions of Airline Users to Account Takeovers

The now-fixed vulnerability involved a major travel services company that’s integrated with dozens of airline websites worldwide.