Vulnerability resides in Facebook Graph API mechanism, which allows “a hacker to delete any photo album on Facebook” Indian security researcher Laxman Muthiyah has found a way to delete not just his own, but also others Facebook photo albums within few seconds. In order to delete a photo album from victim’s Facebook account, the attacker only needs to send a. HTTP-based Graph API request with victim’s photo album ID and attacker’s own access token generated for ‘Facebook for android’ app.
Source: https://thehackernews.com/2015/02/hacking-facebook-photo-album.html