A researcher has found a critical security flaw on Facebook that could be exploited by hackers to expose sensitive information about users. Facebooks servers use code called a post_form_id token to check that the browser trying to do something liking a group, for example was actually the browser that had logged into the account. The bug has to do with the way that Facebook checked to make sure that browsers connecting with the site were the ones they claimed to be.”]
Source: https://grahamcluley.com/embarrassing-privacy-flaw-facebook/