Google's security team look at how ShinyHunters has rolled out SSO scams

Mandiant analyzed ShinyHunters' MO, detailing how it steals login and MFA codes.

Mandiant details how ShinyHunters abuse SSO to steal cloud data

Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) ...
Hosted on MSN

Should you stop logging in through Google and Facebook? Consider these SSO risks vs. benefits

Many sites let you sign in with an existing login from consumer SSO providers. This approach results in a potentially risky centralization of your credentials. Passkeys allow you to compartmentalize ...
SlashGear

Stop Signing Into Websites With Google And Facebook And Do This Instead

On most major websites, you're bound to see a handful of familiar icons under the login credential fields. Likely, an option to sign in to that particular website via Google, Facebook, Apple, and ...