More from the story:
Spokesperson Jay Nancarrow told The Intercept that Facebook had "no evidence of this alleged activity." Facebook is less vulnerable to malware attacks now that it offers users HTTPS encryption for users, but that was only implemented last year.
That's nice, but it doesn't do anything to prevent attacks using a fake server and in any event we already have information courtesy of Snowden that the NSA systematically attacked and weakened the encryption systems used by the internet to make it easier for them to decrypt transmissions.