Researchers took over Booking.com accounts using a legitimate Facebook link
The vulnerability exists in OAuth (social sign-in), used by almost every website today.
If you are unfamiliar with OAuth, the post (in the first comment) explains it step-by-step with detailed diagrams.
1 comment
[ 2.7 ms ] story [ 22.7 ms ] threadVideo: https://youtu.be/IK_AV1UFS-0