Multiple bugs chained to takeover Facebook Accounts which uses Gmail.

Self-XSS to ATO via Site Features

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

CSRF Bypass Using Domain Confusion Leads To ATO

How Almost Sacrificing a University Group Project led to a Microsoft Bug Bounty

Interesting Story of an Account Takeover Vulnerability