This is how he could hijack Reddit accounts with just ONE click: a $10,000 bug bounty

Exploring Frans Rosén’s bypass of OAuth security

By Roberto. Published in InfoSec Write-ups, Aug 4, 2022.

Summary

Hijacking a random user’s account is a dream goal for many malicious hackers. It can happen through traditional methods such as data leaks and brute-forced passwords, but as additional security measures such as 2FA or OAuth become more commonplace, it is (hopefully) becoming harder to simply guess and check.
