Using the name "Brian Kil" online, a California man, Buster Hernandez, used Facebook to target young girls to terrorise them for years.
He messaged underage girls, saying that he had some of their nude photos, even when he actually did not have, and asked them to send more explicit pictures and videos.
His threats did not stop even after some of his targets fulfilled his demands.
As Hernandez was using a privacy-focused operating system called Tails, it was difficult to unmask him.
So Facebook, "which routinely investigates suspected criminals on its platform", decided to pay a cybersecurity consulting firm six figures to develop a hacking tool that can infiltrate Tails OS, according to the Motherboard report on Wednesday based on statements from some of the social network's former and current employees.
The programme reportedly developed a zero-day exploit in Tails to identify the real IP address used by Hernandez.
Facebook asked an intermediary who handed the tool over to the law enforcement agency.
The FBI received help from a victim who sent a booby-trapped video to Hernandez, leading to his arrest.
In February, Hernandez pleaded guilty to 41 charges, including production of child pornography and threats to kill, kidnap and injure.
He is now awaiting sentencing, said the report, adding that he will likely spend years in prison.
While Facebook's actions helped nab a serial child predator, it also raised important ethical questions related to user's privacy, as giving law enforcement agencies zero-day exploits comes with the risk that it will be used in other, not so serious cases.