A new facebook hack allows anyone to grab primary emails addresses of billions of Facebook users easily. The flaw exists in App settings, where application admin can add developer’s profile also, but if the user is not a verified user, a error messages on page will disclose his primary email address. The hack was reported to facebook security team by Roy Castillo and he is rewarded with $4500 under bug bounty program. This way attacker is able to dump primary email addresses of any number of facebook users at once.
Source: https://thehackernews.com/2013/07/another-facebook-hack-exposes-primary.html