Data Slurping Company's Data Gets Slurped
Using the vuln to delete accounts or data rather than just slurping would have done more damage. All the culprits managed to achieve is wipe a few pennys off the share value and given the FB legal team more job security. FB still has the data of these 50m users (which will probably pay any losses incurred and still make a profit) and has now closed the vuln.
50m is only 0.0022421524663677% of 2.23bn so maybe a more parallel attack and process the profile id number in random order next time to delay the detection!
Let the dawn of API injection vulns commence!