Of course I could be wrong, but from my point of view attackers are able to put link into particular place on fbc website.
And it's exactly:
FBC -> "REFER" tab -> "ADVANCED TRACKING USING TAGS" button -> "SELECT A TAG TO VIEW ITS STATS" and link is hidden in drop down list.
It was not visible from GUI, but it was somehow placed into html code.

Link leads to malicious script which is executed during website loading.
And because of it website content can be modified.

Not affected accounts don't have any links placed/injected into their session in that location.