They were made aware of the issue on the 25th... it seems like due diligence would have revealed the issue at the outset. It should be no secret that FB provides their authentication services with strings attached. At least they fixed it quickly.