Yeah, I wonder why the guy who said "This is not a bug." isn't actually the one getting in trouble. Clearly I understand why not - but then his actions lead to the person reporting to escalate their actions to get attention. If the "This is not a bug." guy actually helped guide the person reporting to the proper, expected actions, then this would have likely gone completely differently.
Surely that person is in trouble, or will be once the relevant bureaucracy gets back on Monday morning. This is just a huge embarassment, and exactly the opposite of proper security analysis. But no one is going to admit that externally until all the internal work has been done.
It's an assumption that they even care or are looking into it. So far the resulted outcome is they are blaming the guy who didn't follow "their rules" (that wouldn't likely have been clear to him due to a language barrier). This should hit mainstream media though - because if that kind of bug exists, what else exists that Facebook doesn't even know about, that's being taken advantage of?
