A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in Facebook. The vulnerability could have allowed attackers to hijack Facebook accounts simply by tricking users into clicking on a link. The researcher, who goes by the online alias “Samm0uda,” discovered the vulnerability after he spotted a flawed endpoint (facebook.com/comet/dialog_DONOTUSE/) that could have been exploited to bypass CSRF protections and take over the victim’s account. Facebook acknowledged the issue and rewarded the researcher with $25,000 as part of its bug bounty program.
Source: https://thehackernews.com/2019/02/hack-facebook-account-password.html