$3k Bug Bounty - Twitter's OAuth Mistakes
![A Twitter login screen. Highlighted is the information that it cannot access your DMs.](https://cdn.statically.io/img/shkspr.mobi/blog/wp-content/uploads/2018/11/Google-TV-Twitter-DMs-fs8.png)
Imagine the scenario. You're trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions - phew - it doesn't want to access your Direct Messages. You authorise it - whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and […]