
Facebook/Meta's Magento Permission Advice Leads to Client Hack
Cybersecurity, Hacking, Vulnerabilities, Permissions
A developer discovered that a client was hacked because of universal file permissions on the Magento pub folder, which allowed a bot to upload custom PHP files and other large files. The developer found suspicious files and realized that the file permissions were wide open, as recommended by the official documentation of the Facebook plugin for Magento 2. Meta has since archived the plugin in read-only mode.
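
A defender-side check for the condition described above, as an added example that is not from the original article or the plugin's documentation: it walks a Magento `pub` directory and reports world-writable entries, plus PHP files that are world-writable or sit in a world-writable directory. It assumes "universal" permissions means the write bit is set for "other"; the function name, default path and extension list are also assumptions.

```python
import os
import stat
import sys

# Assumption: extensions a PHP-enabled web server may execute.
PHP_EXTENSIONS = (".php", ".phtml", ".phar")


def audit_tree(root):
    """Walk root without following symlinks.

    Returns (world_writable, suspect_php): every directory or file whose
    mode has the other-write bit set, and every PHP file that is
    world-writable or lives in a world-writable directory.
    """
    world_writable, suspect_php = [], []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        dir_open = bool(os.lstat(dirpath).st_mode & stat.S_IWOTH)
        if dir_open:
            world_writable.append(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # mode bits on a symlink say nothing about its target
            file_open = bool(st.st_mode & stat.S_IWOTH)
            if file_open:
                world_writable.append(path)
            # PHP that any local account could have created or altered needs review.
            if name.lower().endswith(PHP_EXTENSIONS) and (dir_open or file_open):
                suspect_php.append(path)
    return sorted(world_writable), sorted(suspect_php)


if __name__ == "__main__":
    # Assumption: run from the Magento root, so "pub" is the default target.
    target = sys.argv[1] if len(sys.argv) > 1 else "pub"
    writable, php = audit_tree(target)
    for p in writable:
        print("WORLD-WRITABLE", p)
    for p in php:
        print("REVIEW-PHP", p)
    sys.exit(1 if writable or php else 0)
```

A non-zero exit status means at least one finding, so the script can gate a deployment or run from a scheduled job.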