While there is certainly a MAC using a key shared between sender and receiver using either an integrated authenticated encryption algorithm or encrypt-then-MAC this key will be known to the recipient and is thus useless for proving authenticity to a third party. But facebook could add an additional MAC using a key only known to them over the already authenticated ciphertext.