Nice work, very detailed.
However, this is a hack of Accellion’s Secure File Transfer.
How should Facebook, or anyone for that matter, protect themselves in these cases?
I mean other than some obvious ones like not running as root, limiting file access, limiting network access to other servers...
Reason about the software as if it has already been compromised. Think about how user credentials and private keys the server touches can be used to attack other internal services, and try to limit the scope as much as possible.