Facebook is looking into a security flaws that reveals JavaScript trackers can be used to hack your facebook profile’s data when a user log in to third party websites through Facebook credentials.
So when somebody log into any third party websites these embedded JavaScript trackers can get them access to usernames, email address, age, gender, photos, location etc.. depending how much access has been allowed by the user.
According to TechCrunch (link below),
A Facebook person on this matter responded,
Facebook has already been under a lot of controversies that started from the Cambridge Analytica case. This is actually not Facebook's fault and it's because of lack of security b/w first party & third party scripts. But the company did have many loopholes in their privacy policies which allows third-party websites to access the users data.
Facebook is already recovering from the Cambridge Analytical case and did improve its security modules but these newly-discovered exploits keep coming to their attentions.