The company wasn't protecting its search results from cross-site request forgery, Masas found. Bad actors could have used an iFrame (which lets people embed material such as PDFs, YouTube videos or other pages within web pages) to open a Facebook tab and collect information.

Attackers could have run queries with certain graph searches, such as to find out whether you liked a page, if you took photos at a certain location or if you or your friends used specific keywords in your posts. The bug could have also allowed malicious sites to find out which of your friends liked a certain page or identified with a certain religion.

Facebook is not the only company which has faced this type of issue and it seems no one took advantage of this particular vulnerability. However, it's the kind of data that can be used to build a profile of someone for the likes of ad targeting or election profiling -- we saw something similar with the Cambridge Analytica scandal. With Facebook having faced multiple privacy issues in recent times, its data slips will be under close scrutiny for the foreseeable future, even if attackers didn't exploit this particular bug.