An official statement by Facebook said that the security flaw was discovered by Facebook on Tuesday and closed on Thursday.
It is reported that a notification message has been sent to the users who are likely to be harmed by the security hole.
I'M VERY HAPPY THAT WE CLOSED THE SECURITY GAP.
Facebook CEO Mark: "I'm very happy to have discovered this security hole and closed it. This incident is a problem in itself, and I think this attack is a challenge for our users and our services."
Facebook announced that the security hole is in the functionality designed for the user to see his profile through the eyes of other users: "View As" functionality.
Note that the mentioned security hole has been completely removed by Facebook engineers and there is no need to change the password of your Facebook accounts.