"obtaining anything of value" could be satisfied by getting personal data which today is akin to profit, but the "intent to defraud" would be hard to prove in court, save for some very broad and dangerous intepretation of "intent" which could equal sloppiness to malice, a precedent that might ruin the lives of honest people who just happen to be clueless sysadmins or developers. Totally agree though on investigating whether this was really accidental or not; if it was done on purpopse I would expect FB to be hit really hard.