Find a fraction's position in the Stern-Brocot tree
It is all of those. I work for a major company in the line you mentioned. I get a good inside out view, everyday there user accounts compromised.
Combination of phishing and social engineering is a major reason behind, there are ton of phishing sites out there and users get sent soliciting fake emails to them.
Secondly malwares and weak passwords. Malwares work best on site like facebook since their architecture's nature of open platform to integrate other sites and applications. I have seen huge dictionary attacks that went on for months and years to gain access to accounts with weak passwords. Compromising the system it self is less frequent.
Some attacks are combination of two or more, it is a chain of attacks that output of one attack is used in next attack. These attacks target not only usernames and passwords but gaining extended info and Personally Identifiable Information (PII) information too.