There, I did it. Haha.
Can we stop beating dead horses, we all read Hacker News around here?
For now, the best you can hope for is a layered defense and rigorous dev and ops practices to help minimize the attack surface and reduce the overall damage a single successful attack can achieve.
Automated testing/fuzzing could find this, but probably better training/practices would be easier to get right and save time/money in the long run.
While Facebook most likely does do some form of threat modeling for their main site, without a rigid process for all code that goes public you'll run into issues like this that are just as severe. Just because it's a mobile support site for requesting photo removals doesn't mean it is less important surface area in terms of security.
Testing can only ever go so far - bugs and vulnerabilities exist everywhere, even in Facebook.
I'd imagine they'd find the accounts that were responsible for deleting the pictures that weren't theirs (as this hack allowed to have happen) and restore the pictures deleted by those accounts.
Regardless, well done!