This current security threat, deemed the “Covert Redirect” flaw, has made users of many high volume tech sites vulnerable, including those who use Google, Facebook, Microsoft, LinkedIn, any many more.
“If a user chooses to authorize the login, personal data (depending on what is being asked for) will be released to the attacker instead of to the legitimate website. This can range from email addresses, birth dates, contact lists and possibly even control of the account. “