'This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted the "View As" feature', Facebook stated on their website.
Facebook say they have fixed the vulnerability and have informed law enforcement agencies.
To minimise the risk of further breaches, Facebook users should log out of any associated websites that use Facebook credentials. Users should visit the 'Security and Login' section on Facebook to make any changes.
The impact to Australian users is unknown at this stage.
Head of ACSC, Alastair MacGibbon, is reminding people to watch out for possible phishing attacks. 'Australians should keep a look out for any unusual activity from friends or family on their Facebook accounts.'
'This is a timely reminder for Australians to be constantly wary of criminals seeking to exploit their personal information online.'
The ACSC is working closely with the Privacy Commissioner to establish if Facebook has violated any terms in the Privacy Act 1988.