OAuth App Impersonation Attack: How to Leak a 100-Million-Node Social Graph in Just One Week? - A Reflection on OAuth and API Design in Online Social Networks
Many Online Social Networks (OSNs) are using OAuth 2.0 to grant access to API endpoints now-a-days. Despite many thorough threat model analyses (e.g. RFC6819), only a few real world attacks have been discovered and demonstrated. To the presenter's knowledge, previously discovered loopholes are all based on the misuse of OAuth.