$3k Bug Bounty - Twitter's OAuth Mistakes

Imagine the scenario. You’re trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions – phew – it doesn’t want to access your Direct Messages. You authorise it – whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and …