Like many major companies, Facebook's most powerful way to protect itself from hackers is to, get this, offer bounties for every time a hack is successful. If the company hadn't left a standing bounty on any of Facebook's exploitable bugs, then one man would have had no reason not to delete any photo that he wanted.
That's right, up until very recently, anyone who found out about a just-fixed bug could delete any file that they wanted on Facebook. Not just their photos, any of them.
The hack was discovered by security researcher Laxman Muthiyah, who quickly reported it to Facebook.
The company handed him $12,500 and quietly sent him on his way.