I personally find it a little difficult to believe that this was a security researcher. Exploiting a vulnerability (against the rules of engagement), _and_ uploading a web shell?
Seems more likely that Facebook wasn't thrilled that Orange included the details of an existing, unknown Facebook compromise in his write-up.
Clearly the bounty was not enough for the mystery attacker / researcher / hacker / whatever that Orange discovered exploiting the same hole.