From hackread.com
The researcher hacked Facebook after identifying and exploiting Unauthenticated RCE on MobileIron’s Mobile Device Management (MDM) used by the company’s employees.
Not every time a platform is found vulnerable because of its own fault, at least not entirely. Sometimes, a third-party service may be used which has a negative ripple effect on user security.