Serious security flaw in OAuth, OpenID discovered
Attackers can use the "Covert Redirect" vulnerability in both open-source log-in systems to steal your data and redirect you to unsafe sites.
If you're using Facebook, Google, or some other account to sign in to other websites, it's time to stop. Yes, it's inconvenient to have to manage multiple sign-ons, i.e. creating a separate account for each website, but the alternative is to have all you accounts compromised in one go and it's doesn't look like they'll completely fix it any time soon