WeLiveSecurity

Facebook: No evidence attackers used stolen access tokens on third-party sites

Facebook has announced that it found no evidence that attackers had used stolen account access tokens on other websites or apps that enable users to access their accounts using Facebook Login. This ...
PC World

Developers leak Slack access tokens on GitHub, putting sensitive business data at risk

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams’ internal chats and other data at risk. Slack has become ...
Threat Post

Facebook Android Flaws Enable Any App to Get User’s Access Tokens

A researcher has discovered serious vulnerabilities in the main Facebook and Facebook Messenger apps for Android that enable any other app on a device to access the user’s Facebook access token and ...
AppleInsider

How Apple could kill CAPTCHAs with Private Access Tokens

Apple demoed technology at WWDC 2022 called Private Access Tokens — and they could potentially kill CAPTCHAs once and for all. Private Access Tokens (PAT) can prove when an HTTP request is coming from ...
Redmond Magazine

Microsoft Previews Token Lifetime Policies for Azure Active Directory

Microsoft is previewing an Azure Active Directory capability that lets organization have better control over application access by end users. The control gets managed by specifying how long a token ...
Infosecurity-magazine.com

Stolen Access Tokens Lead to New Internet Archive Breach

Hours after the Internet Archive was reportedly back on its feet following a wave of cyber-attacks, it seems that the world’s largest digital library is in hot water again. On October 20, several ...
InfoWorld

Sensitive access tokens and keys found in hundreds of Android apps

Many developers still embed sensitive access tokens and API keys into their mobile applications, putting data and other assets stored on various third-party services at risk. A new study performed by ...