Hackers exploit OAuth loophole for persistent access

Cybercriminals are using a vulnerability in OAuth to maintain unauthorized access to accounts. Even resetting passwords or enabling multi-factor authentication fails to revoke their entry. This issue highlights a significant gap in standard security measures.

According to a TechRadar report published on October 22, 2025, hackers are targeting an OAuth loophole that allows them to retain persistent access to user accounts. OAuth, a common protocol for authorizing access to applications without sharing passwords, is being exploited in a way that bypasses traditional security resets.

The article explains that criminals can continue accessing accounts even after users reset their credentials or implement multi-factor authentication (MFA). 'Criminals retain access even after MFA and credentials resets,' the description states, underscoring the severity of this vulnerability.

This exploitation means that simply changing passwords, a common first response to a suspected breach, does not suffice. The loophole enables ongoing unauthorized entry, potentially exposing sensitive data over extended periods. No specific timeline of incidents or affected platforms is detailed in the source, but it emphasizes the need for users and organizations to review OAuth configurations beyond basic authentication.

Experts warn that this persistent access could lead to prolonged data theft or further compromises. The report serves as a call to action for enhanced security practices in OAuth implementations, though it does not specify immediate solutions or widespread impacts.
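The practical response the report points to is reviewing OAuth consents themselves, since the authorizations an account has granted to applications are separate from its password and MFA settings and survive both being reset. The following is an added example, not code from the article or from any vendor, of how an incident responder might audit an exported list of app consents and produce a revocation list. It assumes an export shaped roughly like a Microsoft Graph `oauth2PermissionGrants` listing (fields `id`, `clientId`, `principalId`, `scope`, `createdDateTime`, plus an `appDisplayName`); the sample records, the app names, the approved-app list and the incident window are all constructed for illustration.

```python
"""Audit OAuth app consents during incident response (added example).

Assumption: the export mirrors a Microsoft Graph oauth2PermissionGrants
listing with an added appDisplayName. All sample data below is constructed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timezone

# Scopes that let an app keep reading data or minting new tokens without the
# user signing in again (offline_access yields refresh tokens). Assumption:
# names follow Microsoft Graph permission naming; adjust for your provider.
HIGH_RISK_SCOPES = frozenset({
    "offline_access", "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "MailboxSettings.ReadWrite", "Files.ReadWrite.All", "Directory.ReadWrite.All",
})

# Apps the organisation has vetted (constructed ids); their grants are left alone.
APPROVED_CLIENT_IDS = frozenset({"app-calendar", "app-hr"})


@dataclass(frozen=True)
class Grant:
    grant_id: str
    app_name: str
    client_id: str
    principal: str            # user the consent belongs to
    scopes: frozenset[str]
    granted_at: datetime


# Constructed sample export, not real tenant data.
SAMPLE_EXPORT = json.dumps([
    {"id": "g1", "appDisplayName": "Contoso Calendar Sync", "clientId": "app-calendar",
     "principalId": "alice@example.test", "scope": "Calendars.Read",
     "createdDateTime": "2025-06-01T09:00:00Z"},
    {"id": "g2", "appDisplayName": "Mail Backup Helper", "clientId": "app-unknown-1",
     "principalId": "alice@example.test", "scope": "Mail.Read offline_access",
     "createdDateTime": "2025-10-15T22:14:00Z"},
    {"id": "g3", "appDisplayName": "HR Portal", "clientId": "app-hr",
     "principalId": "bob@example.test", "scope": "Mail.Read offline_access",
     "createdDateTime": "2025-01-10T08:00:00Z"},
    {"id": "g4", "appDisplayName": "Notes Importer", "clientId": "app-unknown-2",
     "principalId": "bob@example.test", "scope": "Files.ReadWrite.All",
     "createdDateTime": "2025-03-03T11:30:00Z"},
    {"id": "g5", "appDisplayName": "Weather Widget", "clientId": "app-unknown-3",
     "principalId": "carol@example.test", "scope": "User.Read",
     "createdDateTime": "2025-10-20T07:45:00Z"},
])


def _parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; a trailing Z is treated as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def load_grants(export_json: str) -> list[Grant]:
    """Parse the consent export. Scopes arrive as a space-separated string."""
    return [
        Grant(
            grant_id=rec["id"],
            app_name=rec["appDisplayName"],
            client_id=rec["clientId"],
            principal=rec["principalId"],
            scopes=frozenset(rec["scope"].split()),
            granted_at=_parse_ts(rec["createdDateTime"]),
        )
        for rec in json.loads(export_json)
    ]


def risk_reasons(grant: Grant, window_start: datetime,
                 approved: frozenset[str] = APPROVED_CLIENT_IDS) -> list[str]:
    """Return the reasons a grant should be revoked (empty list = keep it)."""
    if grant.client_id in approved:
        return []
    reasons = []
    risky = sorted(grant.scopes & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(risky))
    # Any consent created inside the suspected compromise window is reviewed,
    # because a password reset alone would not have removed it.
    if grant.granted_at >= window_start:
        reasons.append("consent granted inside the suspected compromise window")
    return reasons


def audit(export_json: str, window_start_iso: str) -> dict[str, list[str]]:
    """Map grant id -> reasons for every consent that should be revoked."""
    since = _parse_ts(window_start_iso)
    return {g.grant_id: r for g in load_grants(export_json) if (r := risk_reasons(g, since))}


if __name__ == "__main__":
    for gid, why in audit(SAMPLE_EXPORT, "2025-10-01T00:00:00Z").items():
        print(gid, "->", "; ".join(why))
```

The two checks deliberately differ in intent: the scope check catches long-standing consents that give an application continued mailbox or file access regardless of when they were created, while the time-window check catches anything consented during the incident, even with harmless-looking scopes. Revoking the flagged grants, rather than only resetting credentials, is what actually closes the access path the report describes.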
