Facebook was the victim of both hacks, but is surprisingly relaxed about it. Facebook considers both hackers to be researchers who participate in the companys bounty program; indeed, Orange was awarded $10,000 for the discovery described here. But penetration testing (and, by implication, an attack by cybercriminals) doesnt always follow the obvious path, as it did in our 2015 story on the risks of an internet-of-things connected kettle. In that story, the security researchers were interested because it contained a copy of the key to the network and could be tricked into revealing that key.”]
Source: https://nakedsecurity.sophos.com/2016/04/22/the-facebook-hacker-who-caught-a-facebook-hacker/