While watching live gaming videos it's possible for a user to create a clip from the last 60 seconds and they can share it as a post. Post privacy can be 'only me, friends, or public' but irrespective of the post privacy all posts can be disclosed by a malicious user.
This could have let to the leak of gaming clips a user shared, even when they shared the clip to a limited audience like "Friends" or "Only Me."
User A and User B aren't facebook friends
Play any live gaming video, Enlarge the video
Now create a clip of 60 seconds
Add post description
Change post privacy to only me/friends
Login as User B, browse User A's timeline (Post Isn't visible)
Change User ID in Variables parameter to User ID of User A
Forward the request