Open Redirect Flaw Snags Amex, Snapchat User Data

Phishing campaigns have targeted thousands of victims by impersonating brands like FedEx and Microsoft. Hackers exploit a well-known open redirect flaw to acquire personal information via American Express and Snapchat domains. The Snapchat domain’s vulnerability remains unpatched, despite the flaw being reported in early August. The American Express flaw was patched soon after it was identified. Phishing emails including disguised links to seemingly legitimate sites trick victims into giving up valuable credentials and personal data.