A vulnerability allowed remote attackers to determine which specific Facebook user ID is linked with a mobile phone number without secure approval. The vulnerability is located in the ctx and recover lwv parameters and /login/identify modules.
1f368fb681cb0f83b994a4f076b47f93bf100cc10af4af529935449d736dd571