https://thenextweb.com/facebook/2018/11/14/facebook-bug-allowed-websites-to-grab-unsuspecting-users-personal-data/

Security firm Imperva found a bug in May that allowed websites to read Facebook users and their friends’ private information. The troubling vulnerability let a site access users’ likes and interests through a manipulated Facebook Graph query. Thankfully, the bug has now been fixed

Imperva’s researcher Ron Masas discovered in May that Facebook was exposed to cross-site request forgery (CSRF). That means another website can access a logged-in Facebook user’s data through queries in code.