CSRF Vulnerabiliy on Facebook Linkage Page Allows Full Account takerover of Socialclub Accounts.

In this report, the researcher identified a CSRF vulnerability in the account linking process that could have allowed attackers to link their Facebook account to the victim's Social Club account, giving the attacker access to the victim's Social Club account. This attack would have required a degree of deception and certain preconditions to be in place, otherwise it would fail. However, the impact was severe enough to be worth fixing despite it being a CSRF issue. We implemented an anti-CSRF token that is now required to complete the linking process, and as a result this attack is no longer possible.