While unfortunate and irresponsible, this is a mistake many developers make; logs are incorrectly not considered a sensitive asset. A savvy attacker, having gained access to a system, can learn quite a bit from logs, which are pretty much never encrypted.
Dev teams must be trained in Security 101, and move past the paradigm of "lets build it first and secure it later"; we all know how long technical debt can languish in backlogs. Software must be designed to be secure from the start.
Facebook has released a statement regarding this leak, not saying much else besides that they've been reviewing their logging practices and found this same issue in several other places. Hopefully they learn from this and improve their practices, and inspire other teams to also review their own policies.
A small community of meme gardeners, planting and nurturing ideas.