[Facebook] Disclose App associated Business and Fan Page

 By making a restricted API call, a malicious user could have identified the Business and the Fan Page of an approved Facebook App.


An API call made as -

https://developers.facebook.com/tools/explorer/?method=GET&path=APP_ID?fields= owner_business{link}&version=v10.0

will respond with -


Timeline -

Reported - Tuesday, May 25, 2021

Marked as Duplicate - Wednesday, May 26, 2021 

Fixed - Wednesday, July 13, 2022