Facebook, Google, and the other big tech companies all have massive amounts of code, and regardless of how much effort they put into security, some bugs are going to be discovered by hackers and security analysts. Some of these attacks have some value on the black market, so to provide a better incentive with what to do with these exploits, these large companies usually have some sort of payment program where they pay some sort of bounty to get first access so they can patch it up.
These types of programs were in the tech news just recently when a young Palestinian hacker submitted an exploit to Facebook, whose security team dismissed the bug. For better or worse, the hacker then posted a message on Facebook CEO Mark Zuckerber's Facebook page from the billionaire's profile, basically saying, "sorry for breaking your privacy, but this bug exists". Facebook again refuses to compensate him for breaking the conditions of the bug bounty program, but we'll let them figure that out.