Attackers can steal Facebook access tokens to impersonate Facebook users and perform malicious actions that include, but are not limited to, posting content on behalf of users and accessing friend lists.
ADVISORIES | November 1, 2014