Media report about a new privacy leak on Facebook which has been found just recently. It is possible to find out with which persons someone is in contact with – therefore one just has to create a fake account using a known email address of the person to spy upon. Facebook doesn’t verify whether the address is real so the new account can already be used. Up to 20 contacts are visible according to the reports.
This is also possible for persons that don’t use Facebook at all, as their address can be imported by other users via the friend finder feature. So it is a good idea to delete such data if the friend finder has been used to find contacts through the email provider. This is very well hidden – users have to start the invite process and can press on “more about” next to the claim that Facebook doesn’t store the email password. On the then appearing web page it is possible to remove those imported contacts.