It is possible to perform single-click account hijacking by abusing the OAuth process flow, a security researcher has found. Attackers can abuse OAuth implementations to steal secure access tokens and perform one-click account hijacking.