Researcher Laxman Muthiyah, was person behind it who discovered this security issue. Laxman explained that the bug was resides in the Graph API, which allow him to delete any photo's album of any facebook users, even of fan page or facebook group.
In response to the error message that he got, he made some tweaks and once again tried the same, but this time he use Facebook for Mobile access token. Laxman noted - we can see delete option for all photo albums in Facebook mobile application isn't it? Yeah and also it uses the same Graph API.
As on Facebook for mobile, there is no option to delete photo album, so he took the Album ID and Facebook for android access token, and send the same HTTP delete request to the facebook server. This was all done, as Facebook have completed the request successfully.
So to deleted photos album of any users, he just need to send a HTTP request with the victim photo album ID, which allow him to deleted any users photo albums.
For the proof-of-concept researcher have demonstrated the process in a video, which you can see below.