Last Thursday, a little before 11 p.m., a group of “clean cut and well-dressed” 20-somethings strolling through Philadelphia’s moneyed Rittenhouse neighborhood called gay slurs at two men before launching an attack that sent both men to the hospital.

Four days later, Philadelphia police posted a surveillance video of the group on Youtube.

And mere hours after that, an anonymous Twitter user with the handle @FanSince09 announced that he’d found the perpetrators … entirely through social media.

In terms of actual computing skill or detective work, this particular investigation wasn’t technically that hard to do. As NPR’s Melody Kramer chronicled in a Storify on Wednesday morning, @FanSince09’s sleuthing began when another user tweeted a picture of a group of 20-somethings at a restaurant that seemed to match footage from surveillance cameras. From there, @FanSince09 discovered the name of the restaurant — La Viola — from other Twitter users who had been there, and then turned to Facebook’s Graph Search to see who had checked into the restaurant recently.

Graph Search, which Facebook introduced in early 2013 to some alarm from privacy groups, essentially lets you trawl through the untold, unstructured masses of public data the social network has on its users — everything from their relationships, ages and home towns to their recent check-ins and favorite bands. Graph Search is powerful: It can identify, say, “people who have checked in at La Viola” and are between the ages of 23 and 29. (As of this writing, at least, only five such people show up.) It can also expose a lot of personal information you may not be aware you had shared.

Tom Scott, the guy behind “Actual Facebook Graph Searches” — a project that compiled lists of people who surfaced in embarrassing or contradictory Graph Searches — put it this way when he wrapped the project last year:

… Most people will never actually be affected by accidentally making [their Facebook] data ‘public’. (Of course, for the unlucky ones, it won’t be a gamble worth taking.) Most of the danger online comes not from strangers making half-assed joke searches: it comes from people who know you. A lot of the public data fails what I call the ‘bitter ex test’: can someone who hates you ruin your life with that information?

Or, put another way, can a savvy social-media detective who suspects you’ve done something terrible ruin your life with that information? (Yes.)

To be clear, no definitive ID has been made yet — @FanSince09 simply gave police the results of his Graph Search sleuthing, and police thanked him publicly for the help. (“No arrests made. Central Detectives have done a ton of work and have a lot more to do,” tweeted Joseph Murray, an unusually Twitter-savvy detective for Philadelphia Police.) But even if it’s a smidge too early for all-out celebrations, the case is a rare and much-needed example of Internet sleuthing done responsibly and right — in collaboration with police, instead of as a presumed replacement.

It’s also a heartening illustration of what a group of concerned people can accomplish together, if — in the words of @FanSince09 — they see “an awful thing” and decide not to tolerate it. The sentiment is a well-worn trope, of course. But online, it’s a rarer thing: Our screen-mediated sense of distance, of anonymity, only magnifies the bystander effect that stops us from intervening in “real life.” So it’s profoundly relieving (if nothing else) to see the Internet used as a force for good. Tweeted Murray, the Philadelphia detective:

Until then, at least one Twitter user has sent the Philly PD free pizza. @FanSince09 might deserve a pie, too.