Facebook isn't a startup; I'm surprised it took 2 days to be honest. This should have been an all-out panic mode, level-1 alarm and push.

Given that at any big company, every change (even a critical security fix!) has to go through review and QA, most startups are probably better equipped to fix this sort of thing than most big companies.

"23rd May 2013 - Reported 28th May 2013 - Acknowledgment of Report 28th May 2013 - Issue Fixed"

5 Days to Acknowledge: Yipes!

In all fairness, it was reported on a major holiday weekend...

Looks more like a 1 day window. Bug was acknowledged on the 28th of May and fixed the same day. This post is almost a month after-the-fact - 26th of June.

A one day window from acknowledgement to correction, but still a five day window from report to correction.