"A bug enabled status postings by unauthorized people on a handful of pages," a Facebook spokesperson said in a statement. "The bug has been fixed." The company also noted that while a handful of public Facebook pages were disrupted, no personal user accounts were hacked. The bug was very limited in that it only applied to the ability to post.
The Guardian has done some solid sleuthing in an attempt to find the hacker's identity but ultimately hit a roadblock. The hack was possibly made from IP address 18.104.22.168, which points to the US department of defense in Williamsburg. Whether or not someone at the military was behind the hack, or someone who simply made sure to spoof their IP address, we'll probably never find out. If Facebook's public statement is to be believed, however, this particular hack won't ever happen again.