Facebook new bug allows you to post as any user whose email address you know. You don’t need any other user access, no password nothing. The only two things you’ll need are: User’s email address (from their facebook profile). A group email address of which user is a part (on groups’ homepage). After you have both these details send a spoofed mail from user to group email and bang it will be posted from user’s profile without any need of password. We have already submit this bug to facebook authorities, Hope they will fix it as soon as possible!
Source: https://thehackernews.com/2011/03/facebook-new-venerability-lots-of.html