It came to our attention yesterday that some third-party tracking scripts on websites were directly accessing Facebook public profiles. While investigating this issue, we have taken immediate action by: Disabling the ability to resolve the app-scoped user ID (ASID) returned by Facebook Login to a Facebook profile page, even for logged-in users. Instituting rate limiting of profile picture requests