
Came here to ask the exact same question.

TL;DR: Authorization cookie for an important Account API is sent to *.teams.microsoft.com and they got control of a subdomain of that somehow.


