Re: Hash/UUID collision
The birthday problem for this sort of clashes is well studied.
https://en.wikipedia.org/wiki/Birthday_attack
If they did use 128 bit hashes, then the probability of a clash is very low even for billions of images.So I guess that either
1. They really do have billions of hashes, and were just (un)lucky here.
2. Somebody has worked out the algorithm used and manufactured a hash collision.
3. They are using far fewer than 128 bits.
4. This wasn't a hash attack.
Given the combination of account it happened with, and the image that ended up being used, I would tend towards this being something that was done deliberately.