Security expert Orange Tsai discovered the presence of a malicious webshell on one of the company servers. The researcher was analyzing the Facebooks infrastructure when noticed a domain called files.fb.com. He discovered that it was hosting an instance of the Accellion File Transfer Appliance that is used by companies or secure file transfers. Tsai exploited a pre-auth SQL injection flaw to upload a webshell to the Facebook server and gain its control. Facebook admitted the existence of the webshell and rewarded him with $10,000.”]
Source: http://securityaffairs.co/wordpress/46578/hacking/facebook-hacked.html