Following the major Heartbleed security issue that affected millions of websites, a different vulnerability has been discovered that could have allowed hackers to steal certain personal data from users. CNET reports that a security flaw in the OAuth and OpenID online login protocols could be used to steal data and redirect users to malicious websites. Dubbed “Covert Redirect,” the exploit masquerades as a login pop-up based on an affected site’s domain, which would easily fool unsuspecting Internet users. “For example, someone clicking on a malicious phishing link will get a pop-up window in Facebook, asking them to authorize the app,” the publication writes. “Instead of using a fake domain name that’s similar to trick users, the Covert Redirect flaw uses the