X (Formerly Twitter): Bypassing Digits origin validation which leads to account takeover

Hi, I would like to report an important issue that affects websites that has integrated "Signin with Digits" , leading to potential account takeover. Detail In Digits architecture, the data communication channel between Digits and customer's site relies on postMessage. In order to prevent malicio...