“Only the second value was important. The value was an ID associated with the address that the invitation was sent to in hex. A Facebook user’s numerical ID could be put as this value and their primary email address would be displayed. A user’s numerical ID is considered public information and can be obtained from the source of their profile or through the Graph API.”
Using this Facebook flaw a hacker can retrieve email address of all Facebook profiles simple writing an automated script to grab all email address of billions of Facebook users.
My coleague at The Hacker News Magazine proposed simple procedure to follow for the hack using an automated script to grab all emails: