Facebook has moved quickly to shut down a loophole which made some accounts accessible without a password.
The bug was exposed in a message posted to the Hacker News website.
The message contained a search string that, when used on Google, returned a list of links to 1.32 million Facebook accounts.
In some cases clicking on a link logged in to that account without the need for a password. All the links exposed the email addresses of Facebook users.
Read more on BBC.